SSL and Load Balanced Servers (Revocation message)
on 06.06.2006 12:58:02 by JayMG
Hi,
I've just copied a website that uses SSL from one IIS server to a second web
server for use in a load balanced environment. The load balancing is done via
a network load balancer.
I have exported the certificate for the domain site from the first server
and imported it to the second server following the instructions from
Microsoft:
http://support.microsoft.com/default.aspx?scid=kb;en-us;313299
When I access the website on the second server I get the following message
popped up :
"Revocation information for the security certificate for this site is not
available. Do you want to proceed?"
I read a MS article that explains how this could occur if the CDP (cert
distribution point) is unavailable but I should have no problems as the web
site on the original server is still running fine (no message is displayed on
access) and it is on the same subnet.
Has anyone else come across this and found out what the problem could be?
Many thanks,
Jay.
Re: SSL and Load Balanced Servers (Revocation message)
on 07.06.2006 11:13:02 by Miha Pihler
Hi,
What certificates are you using? Your own or from commercial CA server?
Also check that date and time on your server are correct.
--
Mike
Microsoft MVP - Windows Security
Re: SSL and Load Balanced Servers (Revocation message)
on 07.06.2006 12:05:01 by JayMG
Hi Mike,
Thanks for your reply.
The certificate is from a commercial company (expires 06/2007). I have
checked the times on my servers and they are identical.
If I look at the certificate using MMC the General tab gives Certificate
information "Windows does not have enough information to verify this
certificate". I checked the Certification Path tab and it shows a warning
and no path is detailed. The Certification status says "The issuer of this
certificate could not be found".
If I look at the same information on the partner server it all looks good
and the Certification path is fine.
Would I normally have to do anything else to make sure my server can talk to
the certificate issuer? As I mentioned before both servers are similar in
configuration and on the same subnet.
Many thanks,
Jason.
Re: SSL and Load Balanced Servers (Revocation message)
on 07.06.2006 20:21:13 by Miha Pihler
Hi Jason,
What I would suggest to you is to do the export again on the first server, and
after you select "Yes, Export the private key", on the next page of the wizard
select "Include all certificates in the certification path if possible"...
Then do the import again...
I would also like to warn you that many times commercial CAs require you to
buy additional "licenses" if you plan to install the _same_ certificate on two
servers... These "licenses" usually cost the same as the first certificate.
--
Mike
Microsoft MVP - Windows Security
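The checks discussed in this thread (clock, certification path, revocation information) can be run as one script on each load-balanced node and the output compared. This is an added example, not code from any of the posters; `$Thumbprint` is a placeholder for the site certificate's thumbprint, and the script assumes the certificate sits in the LocalMachine\My store as it does for IIS.

```powershell
# Added example: build the certificate chain the way Windows does and report
# why it fails. Run on both nodes and compare the output.
param([string]$Thumbprint = '<SITE-CERT-THUMBPRINT>')   # placeholder value

$wanted = ($Thumbprint -replace '\s', '').ToUpper()
$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Thumbprint -eq $wanted }
if (-not $cert) { throw "No certificate $wanted in LocalMachine\My" }

# $true = use the machine context (the stores the web server itself sees).
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain($true)
$chain.ChainPolicy.RevocationMode = 'Online'       # fetch CRLs from the CDP
$chain.ChainPolicy.RevocationFlag = 'ExcludeRoot'
$valid = $chain.Build($cert)

"Server time (UTC) : {0:u}" -f (Get-Date).ToUniversalTime()
"Valid from / to   : {0:u} / {1:u}" -f $cert.NotBefore, $cert.NotAfter
"Has private key   : $($cert.HasPrivateKey)"
"Chain builds OK   : $valid"
"Chain elements (leaf first):"
foreach ($e in $chain.ChainElements) {
    "  {0}`n      issued by {1}" -f $e.Certificate.Subject, $e.Certificate.Issuer
}

foreach ($s in $chain.ChainStatus) {
    $hint = switch ($s.Status.ToString()) {
        'PartialChain'            { 'Issuer certificate is missing on this node; import the intermediate CA certificate(s), e.g. by re-exporting with the full certification path.' }
        'RevocationStatusUnknown' { 'No revocation answer; often a consequence of an incomplete chain or an unreachable CDP.' }
        'OfflineRevocation'       { 'The CDP could not be reached from this node.' }
        'NotTimeValid'            { 'Check the server date and time against the validity period.' }
        'UntrustedRoot'           { 'Root CA certificate is not in the Trusted Root store on this node.' }
        default                   { $s.StatusInformation.Trim() }
    }
    "  [{0}] {1}" -f $s.Status, $hint
}
```

A node that prints only the leaf certificate under "Chain elements" together with `PartialChain` matches the "issuer of this certificate could not be found" symptom reported above.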