RPC over HTTP on SELF SSL - solved!

TheMSsForum.com: The Microsoft Software Forum

It seems like there are a ton of poeple online who are having trouble with
RPC over HTTPS. I was one of them, but I got a solution now and I wanted to
share it with everyone.

I had followed all the RPC instructions on microsoft's web site. And still
my Outlook client would hang when I was outside of my LAN. Why?? Well, it
turns out that if you have a SSL certificate you created using SELFSSL, then
you may have an issue!

First thing you need to do is to make sure that you created the right kind
of certificate. Namely, make sure that you set a large enough window for the
expiration date and then make sure that \N option says something like
"*.mydomain.com" so that you cover all subdomains for that certificate (as
most of you probably want to do).

Now try going to the RPC web page by pointing Internet Explorer to
https://FQDN/rpc ... do you see a pop up screen giving you a warning about
the certificate? If so, then click on "view certificate" and then click on
"install certificate". Now you have installed that SSL certificate and you
should not see this pop up screen agian. Try shutting down Internet
Explorer, restarting it, and then going to that web page again. Now you
should not see that pop up warning screen about the SSL certificate.

Hopefully this should fix your problem. It did for me!
Top

Re: RPC over HTTP on SELF SSL - solved! by Mark

Mark
Mon Mar 14 01:58:01 CST 2005

On Sun, 13 Mar 2005 15:15:03 -0800, "aa"
<aa@discussions.microsoft.com> wrote:

>It seems like there are a ton of poeple online who are having trouble with
>RPC over HTTPS. I was one of them, but I got a solution now and I wanted to
>share it with everyone.
>
>I had followed all the RPC instructions on microsoft's web site. And still
>my Outlook client would hang when I was outside of my LAN. Why?? Well, it
>turns out that if you have a SSL certificate you created using SELFSSL, then
>you may have an issue!
>
>First thing you need to do is to make sure that you created the right kind
>of certificate. Namely, make sure that you set a large enough window for the
>expiration date and then make sure that \N option says something like
>"*.mydomain.com" so that you cover all subdomains for that certificate (as
>most of you probably want to do).
>
>Now try going to the RPC web page by pointing Internet Explorer to
>https://FQDN/rpc ... do you see a pop up screen giving you a warning about
>the certificate? If so, then click on "view certificate" and then click on
>"install certificate". Now you have installed that SSL certificate and you
>should not see this pop up screen agian. Try shutting down Internet
>Explorer, restarting it, and then going to that web page again. Now you
>should not see that pop up warning screen about the SSL certificate.
>
>Hopefully this should fix your problem. It did for me!

Thanks. I'd never heard of SELFSSL on the IIS6 RK before. Most people
with RPC over HTTPS problems are having them because they are using
Windows Certificate Services certs and the cert name doesn't match the
fqdn. Easily solved by using the IIS wizard to request the certreq.txt
and process it that way (you get the option to select the name of the
cert you want)

I have a faq for these problems and will include this information in
it (but without credits since you're posing anon)
Top