SOLVED

Verification of SSL-Certificate without internet connection


Hi Community!

I'm currently facing an issue with a web application and SSL certificates.

The scenario is that we have a web application for the intranet hosted by an IIS. Due to security reasons the server has no internet connection and cannot validate the SSL certificate.

I tried nearly everything to disable the CRL and OCP, but I constantly get errors in the event log stating that the SSL validation failed. I looked a lot in the CAPI2 log but I can't find out why the CRL / OCP is still active.

My question is: How do you handle SSL certificates on a server that is not internet-connected? Are there any best practices or good blog articles? I couldn't find any articles for my specific problem.

The only solution I have left is to configure the proxy-server for the app-pool account as this account seems to be validating the cert. Would you consider this a good practice?

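4 Replies

Have you seen this article? https://blogs.msdn.microsoft.com/johan/2010/02/02/using-ssl-without-an-internet-connection/

Looks like it should fix your issue.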

Hi Richard,

thank you very much for this link - I'll try this and report if it worked.

Usually I'm good at googling; I don't know why I didn't find this solution.

Thanks for the update. Fingers are crossed!

Hmm, well the button is misleading; should read Best Response suggested by ........