A custom endpoint detection script that uses the Whale.System.IsCertValid function in Intelligent Application Gateway 2007 cannot detect client certificates by their Subject Alternative Names

Article translations Article translations
Article ID: 962861 - View products that this article applies to.
Expand all | Collapse all

SYMPTOMS

In Microsoft Intelligent Application Gateway (IAG) 2007, you apply a custom endpoint detection script to run client compliance checks. The detection script uses the Whale.System.IsCertValid function to validate client certificates. However, the detection script cannot locate a certificate that is installed in the correct location.

Additionally, client-side logging shows that the certificate store is searched but no certificate that matches the search criteria is found.

This problem occurs when the installed certificate has a Subject Alternative Name but no Subject, or when the Subject Alternate Name contains information that is not available in the Subject.

CAUSE

The Whale.System.IsCertValid function is not designed to work with certificates that contain a Subject Alternative Name.

RESOLUTION

To resolve this problem, apply Intelligent Application Gateway 2007 Service Pack 2 Update 1. For more information, click the following article number to view the article in the Microsoft Knowledge Base:
968384 Description of Update 1 for Intelligent Application Gateway 2007 Service Pack 2
The Whale.System.IsCertValid function was updated to search for a matching certificate by using both the Subject and the Subject Alternative Name's DNS Name field.

STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

MORE INFORMATION

For more information about software update terminology, click the following article number to view the article in the Microsoft Knowledge Base:
824684 Description of the standard terminology that is used to describe Microsoft software updates

Properties

Article ID: 962861 - Last Review: May 5, 2009 - Revision: 1.0
APPLIES TO
  • Microsoft Intelligent Application Gateway 2007
Keywords: 
kbexpertiseinter kbsurveynew kbbug kbfix kbqfe KB962861

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com