October 19, 2010

0 Troubleshoot SSL Related Problems

To troubleshoot SSL related problems:

Confirm whether you can telnet to port 443 on the IP addresses of the client and
server computer. If you cannot, this usually signifies that the sspifilt.dll is not
loaded, or is the wrong version, or perhaps conflicts with other ISAPI extensions.

Examine the certificate. If you can telnet to 443, check the certificates attribute
using the browser�s View Certificate dialog box. Check the certificates effective
and expiration dates, whether the common name is correct, and also what the
Authority Information Access (AIA) or Certificate Revocation List (CRL) distribution
point is.

Confirm that you can browse directory to those AIA/CRL points successfully.
If you are using a custom client application (and not a Web browser) to access an
SSL-enabled Web site that requires client certificates, check that the client certificate
is located in the correct store that the client application accesses.
342 Building Secure ASP.NET Applications
When you use a browser, the certificate must be in the interactive user�s user
store. Services or custom applications may load the client certificate from the
machine store or a store associated with a service account�s profile. Use the
Services MMC snap-in (available when Certificate Services is installed), from the
Administrative Tools program group to examine the contents of certificate stores.
More Information
See the following SSL related Knowledge Base articles.
Q257591, �Description of the Secure Sockets Layer (SSL) Handshake�
Q257586, �Description of the Client Authentication Process During the SSL
Q257587, �Description of the Server Authentication Process During the SSL
Q301429, �HOWTO: Install Client Certificate on IIS Server for ServerXMLHTTP
Request Object�
Q295070, �SSL (https) Connection Slow with One Certificate but Faster with


The following articles in the Knowledge Base provide steps for troubleshooting
IPSec issues.
Q259335, “Basic L2TP/IPSec Troubleshooting in Windows”
Q257225, “Basic IPSec Troubleshooting in Windows 2000”

Auditing and Logging

Windows Security Logs

Consult the Windows event and security logs early on in the problem diagnostic


Post a Comment

Blogger Themes

Powered by Blogger