BizTalk.SendHTTPX.1 server certificate issue
Hi All,
We have encountered a very strange problem here.
We send XML messages over HTTPS to our partner. Our production server worked fine with their old production server. The root certificate of their (web) server certificate is the same for their new/old production systems. So I can assure that the root certificate was installed correctly on my production BizTalk server (otherwise it wouldn't work with their old production server).
Now the problem happens when we connect to their new production server; we find this error in the event log:
*****************begin of error**************
[0x80090327] An error occurred during transmission:
A secure connection with the remote server could not be negotiated. The server's certificate may not be valid.
Request information:
***************end of error*******************
After network sniffing, we found that the traffic was fine when it reached our firewall, but the sniffing result on our production server showed that only part of their root certificate was received (the web server certificate was received well) and the communication failed at the SSL handshake phase.
Now we are totally confused and don't know where the problem is - if it is BizTalk, then why did BizTalk work with the partner's old server with the same CA root certificate? If it is the partner's problem, then the traffic was good at the firewall?
Then I found a Microsoft KB article Q296833 - stating that Windows has a problem in handling odd-sized key certificates. But that's also not very convincing since it worked with the partner's old production server (although their root certificate is indeed an odd-sized key, 1000-bit).
Has anyone experienced the same problem?
Thanks for any possible help!

Jorge Balderas 2004-04-06, 9:42 am
Hi Tom,
Usually in the error log, below the Request information, you should see a
more explicit error reason, such as these:
The target principal name is incorrect.
(This is Error code: 80090322)
The certificate chain was issued by an untrusted authority.
(This is Error code: 80090325)
Did your partner's production server name/URL change? This may sound too
obvious, but I've seen cases where (usually by mistake) the installed server
certificate's "Issued to" name does not match the server name, and thus causes
the "certificate may not be valid" error. A very simple test you can try: if
you're able to hit the partner's URL you're trying to post to from a
browser, you can see the certificate that's really installed on your
partner's server, or if you get a certificate warning (e.g. certificate
expired; not issued by a trusted CA; or does not match server name) then you
know for sure the cert is not valid.
"Tom" <anonymous@discussions.microsoft.com> wrote in message
news:21E908F6-3AC0-47F9-8C89-F06883B93F8F@microsoft.com...
> Hi All,
> We have encountered a very strange problem here.
> We send XML message over HTTPS to our partner. Our production server
> worked fine with their old production server. The root certificate of their
> (web) server certificate is the same for their new/old production systems.
> So I can assure that the root certificate was installed correctly on my
> production biztalk server.(otherwise it wouldn't work with their old
> production server).
> Now problem happens when we connect to their new production server, we
> find the error in the event log
>
> *****************begin of error**************
> [0x80090327] An error occurred during transmission:
> A secure connection with the remote server could not be negotiated. The
> server's certificate may not be valid.
> Request information:
> ***************end of error*******************
>
> After the network sniffing, we found that the traffic was fine when it
> reached our firewall. but sniffing result on our production server showed
> that only part of their Root certificate was received (web server
> certificate was received well) and the communicate failed at SSL handshake
> phase.
> Now we are totally confused and don't know where the problem is - if it
> is biztalk, then why Biztalk worked with partner's old server with the same
> CA root certificate? If it is partner's problem, then the traffic was good
> at firewall?
>
> Then I found a Microsoft KB article Q296833 - stating that windows has
> problem in handling odd-sized key certificate. But that's also not very
> convincing since it worked with partner old production server. (although
> their root certificate is indeed odd-sized key, 1000-bit)
>
> Any one experience the same problem?
>
> Thanks for any possible help!
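
The browser test suggested in the reply above (is the certificate expired, does its "Issued to" name match the server name, is the issuer trusted), written as a script; this is an added example, not part of the original thread. The function names and the `partner.example` host names are hypothetical, and the sample certificate is constructed in the dict shape that Python's `ssl.SSLSocket.getpeercert()` returns.

```python
import socket
import ssl
from datetime import datetime, timezone

def names_in_cert(cert):
    """DNS names the certificate is issued to: SAN entries, else subject CN."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans
    return [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]

def name_matches(pattern, host):
    """Case-insensitive match; '*' is honoured only as the whole left-most label."""
    p, h = pattern.lower().split("."), host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    return (p[0] == "*" or p[0] == h[0]) and p[1:] == h[1:]

def triage(cert, host, now=None):
    """Return the reasons a browser would warn about this certificate for `host`."""
    now = (now or datetime.now(timezone.utc)).timestamp()
    findings = []
    if now < ssl.cert_time_to_seconds(cert["notBefore"]):
        findings.append("not yet valid")
    if now > ssl.cert_time_to_seconds(cert["notAfter"]):
        findings.append("expired")
    if not any(name_matches(n, host) for n in names_in_cert(cert)):
        findings.append("name mismatch: issued to %s" % ", ".join(names_in_cert(cert)))
    return findings

def probe(host, port=443, timeout=10):
    """Handshake verified against the system trust store; findings or the chain error."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False  # chain is still verified; triage() reports the names
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return triage(tls.getpeercert(), host)
    except ssl.SSLCertVerificationError as exc:
        return ["chain rejected: %s" % exc.verify_message]

# Constructed sample in the dict shape ssl.SSLSocket.getpeercert() returns.
SAMPLE = {
    "subject": ((("commonName", "old-b2b.partner.example"),),),
    "notBefore": "Jan  1 00:00:00 2003 GMT",
    "notAfter": "Jan  1 00:00:00 2005 GMT",
}
```

Run `probe()` from the sending server itself, so the result reflects that machine's trust store and network path rather than a workstation's.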