Jump to content


We use cookies to let you log in, for ads and for analytics. OK

Photo

Site SSL issue

ssl




  • Please log in to reply
No replies to this topic

#1 robiso22

robiso22

    Newbie

  • New Members
  • Pip
  • 1 posts

Posted 16 February 2017 - 06:19 PM

Hi,

 

Yesterday I tried to make our site server and distribution points SSL. There are a ton of guides on the internet for how to do this. I think i ended up using this one: https://sccmguy.com/2013/11/26/pki-certificates-for-configuration-manager-2012-r2-part-1-of-4-web-server-certificate/. However, when we were done, client communication stopped. Some of the relevant logs:

 

From CcmMessaging
Successfully queued event on HTTP/HTTPS failure for server 'XXX'.
Post to https://XXX/ccm_system_windowsauth/request failed with 0x87d00231.

From CcmNotificationAgent
Error: Server certificate retrieved in TLS is not an exact match of the current MP encryption certificate.
Error: 0x80090322 authenticating server credentials!
Failed to signin bgb client with error = 80090322.
Fallback to HTTP connection.
[CCMHTTP] ERROR: URL=http://1982-X-MP-1-P01.xactware.com/bgb/handler.ashx?RequestType=LogIn, Port=80, Options=224, Code=0, Text=CCM_E_BAD_HTTP_STATUS_CODE 
(EDIT: MANAGEMENT POINT IS ACCEPTING HTTPS ONLY SO I EXPECTED THIS ONE)

 

From Mpcontrol

Selected certificate [thumbprint] issued to 'XXX' for HTTPS client authentication

Call to HttpSendRequestSync failed for port 443 with status code 403; text: Forbidden

 

To me this looks like a certificate issue. However, no matter what I've tried (added a common name in addition to the DNS name in the certificate, deleted and enrolled again for client and server side certificates, reinstalling the management point, 5 hours of other things I don't remember) I can't rid of this error.

Aside from binding the SSL cert to the default website in IIS, is there anything else that needs to be done in IIS? Am I missing something else? 

 

Appreciate any pointers,

Scott
 









Also tagged with one or more of these keywords: ssl

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users