Double check if the listener accepts any client cert trusted by TMG, or only from those checked in the list below. There, if you go to Client Certificate Trust List, you will see what the existing setting is. The client certificate part is in Advanced Options. In the listener, you can choose the client authentication method. So where could be the problem? First, it is almost sure that the error was given from the listener in the publishing policy in TMG. Also the client certificate itself is okay. The description from Microsoft is the same for error 1221: The client certificate used to establish the SSL connection with the Forefront TMG computer is not trusted.īut when you checked the chain that installed in TMG, they look fine. On the TMG side, it showed a similar error. When user tried to access ActiveSync published by Microsoft Forefront TMG, the browser got this: This is a scenario that the client certificate was issued by the new issuing CA. This also applies to the reverse proxy and sometimes it gets little more complicated. After you install or upgrade the new CA and certificate chain in your environment, you need to verify that all the servers and network devices trust the new authorities.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |