There is a little tool http://beta.woodstone.nu/soft/support/show-cert.exe that gives you the names to use.
If what you're saying is correct then there is indeed a problem, with the CERT/HTTP component we're using. Do you have some "doc" showing that you're right? dirk -----Original Message----- From: Servers Alive Discussion List [mailto:sal...@woodstone.nu] On Behalf Of Mark Perry Sent: Thursday, April 22, 2010 1:16 AM To: Servers Alive Discussion List Subject: RE: [TP-SPAM] - RE: [SA-list] Checking a webservice(POST data) with a client certificate. - Character set not allowed This would imply that SA interprets the cert subject incorrectly, would it not? I don't mean to imply IE is always right, but if you open an mmc add the certificates plugin and view the cert the subject is "right" here. I wonder about the ramifications of this workaround. I am going on pure memory here but a cert subject is mandatory but a cert common name is not. I have played with certs a fair bit and still find the whole thing a mare. Apart from RFC's there is very little on t'internet which is useful which is typical of security protocols. I'm glad Dirk has resolved your issue but I still, from the evidence believe this isn't truly resolved. -----Original Message----- From: Servers Alive Discussion List [mailto:sal...@woodstone.nu] On Behalf Of Application Server Admin Sent: 21 April 2010 17:20 To: Servers Alive Discussion List Subject: [TP-SPAM] - RE: [SA-list] Checking a webservice(POST data) with a client certificate. - Character set not allowed Hi All, We got to the bottom of this and got it working after taking it off the discussion list. Firstly, can I say thanks to Dirk for he responsiveness on this issue - the delay in getting back to update the discussion list lies purely with me. ----- There are a couple of elements to the solution. One: There was a small code change required which is downloadable in beta. No date on full release yet. Two: We had to figure out the exact parameter values to set so that ServersAlive could pick up the client certificate and use it in the post request. In the host file entry for this check I had to update: #ADPA="" to: #ADPA="#SSLCERTSTORE=My#SSLCERTSUBJECT=CERT-COMMON-NAME#" The point to note is that the 'Subject' field on the text version of the cert file used AND the 'Subject' field of the cert when viewed through IE's Certificates viewer show different values for the subject, none of which are just the Cert Common Name. The value that you should specify for 'SSLCERTSUBJECT' appears to be just the Cert CN(Common Name) value. Regards ... Gareth > ------------------------------------------- > From: Servers Alive Discussion List on behalf of Dirk Bulinckx[SMTP:d...@woodstone.nu] > Sent: Wednesday, April 07, 2010 12:15:38 PM > To: Servers Alive Discussion List > Subject: RE: [SA-list] Checking a webservice(POST data) with a client certificate. > Auto forwarded by a Rule > Based on the logging this seems like an "older" version of SA. Can you update to the latest beta build, it will probably still give a similar error BUT it will show the line number (were it now shows line 0) dirk -----Original Message----- From: Servers Alive Discussion List [mailto:sal...@woodstone.nu] On Behalf Of Application Server Admin Sent: Wednesday, April 07, 2010 12:56 PM To: Servers Alive Discussion List Subject: [SA-list] Checking a webservice(POST data) with a client certificate. Hi All, We are trying to check a webservice is up and responding by posting data to a test method. Our main issue is that it requires a client certificate for authentication. I have installed the client certificate on our machine running servers alive. - Windows Server 2003 R2 - Logged in a 'administrator' Our entry for the webservice check currently contains the following additional parameters to try pick up the client cert for the POST request(this is based on the servers alive documentation): #ADPA="#SSLCERTSTORE=MY#SSLCERTSUBJECT=O=TEST-XXXXTEST-ABCDEFG, OU=ABCDEFG, O=TESTOU, CN=TEST-XXXXTEST-ABCDEFG#" The log entry for this check is: -------- Thursday, March 25, 2010 3:27:13 PM TEST-CLIENT-CHECK Thursday, March 25, 2010 3:27:13 PM URLCheck : SSL client certificate : 0 Thursday, March 25, 2010 3:27:13 PM URL check (https://xxxxxxxx.xxxxxx.xxxx.ie/xxxx/v1) failed due to Object variable or With block variable not set(line 0) counter=55 .... Thursday, March 25, 2010 3:27:18 PM TEST-CLIENT-CHECK Thursday, March 25, 2010 3:27:18 PM URLCheck : SSL client certificate : 0 Thursday, March 25, 2010 3:27:18 PM URL check (https://xxxxxxxx.xxxxxx.xxxx.ie/xxxx/v1) failed due to Object variable -------- Has anyone else tried to use client certificates in their checks? How did you get on? Regards ... Gareth To unsubscribe send a message with UNSUBSCRIBE in the subject line to salive@woodstone.nu If you use auto-responders (like out-of-the-office messages), make sure that they are not sent to the list nor to individual members. Doing so will cause you to be automatically removed from the list. To unsubscribe send a message with UNSUBSCRIBE in the subject line to salive@woodstone.nu If you use auto-responders (like out-of-the-office messages), make sure that they are not sent to the list nor to individual members. Doing so will cause you to be automatically removed from the list. To unsubscribe send a message with UNSUBSCRIBE in the subject line to salive@woodstone.nu If you use auto-responders (like out-of-the-office messages), make sure that they are not sent to the list nor to individual members. Doing so will cause you to be automatically removed from the list. ******************************************************************************** ************** See the latest news on our blog www.blog.telephoneticsVIP.co.ukand sign up for our forum www.forum.telephoneticsVIP.co.uk for discussion and downloads. Telephonetics VIP is a limited company registered in England and Wales. Registered number: 2831215. Registered office: 7th Floor, Hamilton House, 111 Marlowes, Hemel Hempstead, Hertfordshire, HP1 1BB. The disclaimer is available at: http://www.telephoneticsvip.co.uk/telephoneticsvip/emaildisclaimer.jsp , applies to this message and any associated files. ******************************************************************************** ************** To unsubscribe send a message with UNSUBSCRIBE in the subject line to salive@woodstone.nu If you use auto-responders (like out-of-the-office messages), make sure that they are not sent to the list nor to individual members. Doing so will cause you to be automatically removed from the list. To unsubscribe send a message with UNSUBSCRIBE in the subject line to salive@woodstone.nu If you use auto-responders (like out-of-the-office messages), make sure that they are not sent to the list nor to individual members. Doing so will cause you to be automatically removed from the list.
