| Author |
Message |
Timothy Elvidge
Guest
|
 Posted:
Thu Jan 13, 2005 3:47 pm Post subject:
Problem with verifying certificate |
|
|
I am trying to connect an external internet client to my Live Communication
2003 Server. They have a certificate for my LC server, they are permitted
through the firewall, the DNS SRV records for _sip._tls are set up and
accessible from the client machine. But i get the message :-
There was a problem verifying the certificate from the server. Please
contact your network administrator.
Any suggestions. |
|
| Back to top |
|
 |
Sankaran (MS)
Guest
|
| Posted:
Sun Jan 16, 2005 7:02 am Post subject:
Re: Problem with verifying certificate |
|
|
Please check whether the Subject Name of your certificate matches the one
you are using. I think the subject
name must be of the form sip.mydomain.com, for DNS SRV to work. Could you
check this and post the subject name
from the cert if the problem persists ? Thanks.
"Timothy Elvidge" <TimothyElvidge@discussions.microsoft.com> wrote in
message news:B0441EA2-483C-4DAE-B2B9-D1D836AFD29F@microsoft.com...
| Quote: | I am trying to connect an external internet client to my Live
Communication
2003 Server. They have a certificate for my LC server, they are permitted
through the firewall, the DNS SRV records for _sip._tls are set up and
accessible from the client machine. But i get the message :-
There was a problem verifying the certificate from the server. Please
contact your network administrator.
Any suggestions. |
|
|
| Back to top |
|
|
Timothy Elvidge
Guest
|
| Posted:
Mon Jan 17, 2005 12:15 am Post subject:
Re: Problem with verifying certificate |
|
|
Does this mean for LCS 2003 you have to have a machine named sip in your
domain? I thought with the instructions for the Windows 2003 srv record you
could specify another machine.
"Sankaran (MS)" wrote:
| Quote: | Please check whether the Subject Name of your certificate matches the one
you are using. I think the subject
name must be of the form sip.mydomain.com, for DNS SRV to work. Could you
check this and post the subject name
from the cert if the problem persists ? Thanks.
"Timothy Elvidge" <TimothyElvidge@discussions.microsoft.com> wrote in
message news:B0441EA2-483C-4DAE-B2B9-D1D836AFD29F@microsoft.com...
I am trying to connect an external internet client to my Live
Communication
2003 Server. They have a certificate for my LC server, they are permitted
through the firewall, the DNS SRV records for _sip._tls are set up and
accessible from the client machine. But i get the message :-
There was a problem verifying the certificate from the server. Please
contact your network administrator.
Any suggestions.
|
|
|
| Back to top |
|
|
Tom Bilan
Guest
|
| Posted:
Mon Jan 17, 2005 7:24 pm Post subject:
Re: Problem with verifying certificate |
|
|
They may also need to trust the server that issues the certification to your
LCS server so I'd give them your root certificate too. Go to
http://yourcertserver/certsrv and use the download link and have them install
whatever certificates are there too.
"Timothy Elvidge" wrote:
| Quote: | Does this mean for LCS 2003 you have to have a machine named sip in your
domain? I thought with the instructions for the Windows 2003 srv record you
could specify another machine.
"Sankaran (MS)" wrote:
Please check whether the Subject Name of your certificate matches the one
you are using. I think the subject
name must be of the form sip.mydomain.com, for DNS SRV to work. Could you
check this and post the subject name
from the cert if the problem persists ? Thanks.
"Timothy Elvidge" <TimothyElvidge@discussions.microsoft.com> wrote in
message news:B0441EA2-483C-4DAE-B2B9-D1D836AFD29F@microsoft.com...
I am trying to connect an external internet client to my Live
Communication
2003 Server. They have a certificate for my LC server, they are permitted
through the firewall, the DNS SRV records for _sip._tls are set up and
accessible from the client machine. But i get the message :-
There was a problem verifying the certificate from the server. Please
contact your network administrator.
Any suggestions.
|
|
|
| Back to top |
|
|
Timothy Elvidge
Guest
|
| Posted:
Tue Jan 18, 2005 3:19 am Post subject:
Re: Problem with verifying certificate |
|
|
Thanks that helped the clients now trust the certificate. However for clients
outside the firewall where TCP port 5061 is open get the message:-
A TLS connection could not be made. Please wait for your network
adminsitrator to correct this problem, and try again later.
Clients inside the firewall but not members of the domain are able to sign in.
I checked the firewall and a session was initiated over port 5061. The
client also tried to initiate and LDAP connection although even with this
port open it failed with the same message. What am I missing?
"Tom Bilan" wrote:
| Quote: | They may also need to trust the server that issues the certification to your
LCS server so I'd give them your root certificate too. Go to
http://yourcertserver/certsrv and use the download link and have them install
whatever certificates are there too.
"Timothy Elvidge" wrote:
Does this mean for LCS 2003 you have to have a machine named sip in your
domain? I thought with the instructions for the Windows 2003 srv record you
could specify another machine.
"Sankaran (MS)" wrote:
Please check whether the Subject Name of your certificate matches the one
you are using. I think the subject
name must be of the form sip.mydomain.com, for DNS SRV to work. Could you
check this and post the subject name
from the cert if the problem persists ? Thanks.
"Timothy Elvidge" <TimothyElvidge@discussions.microsoft.com> wrote in
message news:B0441EA2-483C-4DAE-B2B9-D1D836AFD29F@microsoft.com...
I am trying to connect an external internet client to my Live
Communication
2003 Server. They have a certificate for my LC server, they are permitted
through the firewall, the DNS SRV records for _sip._tls are set up and
accessible from the client machine. But i get the message :-
There was a problem verifying the certificate from the server. Please
contact your network administrator.
Any suggestions.
|
|
|
| Back to top |
|
|
Timothy Elvidge
Guest
|
| Posted:
Tue Jan 18, 2005 3:21 am Post subject:
Re: Problem with verifying certificate |
|
|
Further the client outside the firewall is behind NAT but I thought TLS was
ok with NAT?
"Tom Bilan" wrote:
| Quote: | They may also need to trust the server that issues the certification to your
LCS server so I'd give them your root certificate too. Go to
http://yourcertserver/certsrv and use the download link and have them install
whatever certificates are there too.
"Timothy Elvidge" wrote:
Does this mean for LCS 2003 you have to have a machine named sip in your
domain? I thought with the instructions for the Windows 2003 srv record you
could specify another machine.
"Sankaran (MS)" wrote:
Please check whether the Subject Name of your certificate matches the one
you are using. I think the subject
name must be of the form sip.mydomain.com, for DNS SRV to work. Could you
check this and post the subject name
from the cert if the problem persists ? Thanks.
"Timothy Elvidge" <TimothyElvidge@discussions.microsoft.com> wrote in
message news:B0441EA2-483C-4DAE-B2B9-D1D836AFD29F@microsoft.com...
I am trying to connect an external internet client to my Live
Communication
2003 Server. They have a certificate for my LC server, they are permitted
through the firewall, the DNS SRV records for _sip._tls are set up and
accessible from the client machine. But i get the message :-
There was a problem verifying the certificate from the server. Please
contact your network administrator.
Any suggestions.
|
|
|
| Back to top |
|
|
|
|
|
|
FAQ
Memberlist
Register
Profile
Log in to check your private messages
Log in