A custom endpoint detection script that uses the Whale.System.IsCertValid function in Intelligent Application Gateway 2007 cannot detect client certificates by their Subject Alternative Names

This article has been archived. It is offered "as is" and will no longer be updated.
SYMPTOMS
In Microsoft Intelligent Application Gateway (IAG) 2007, you apply a custom endpoint detection script to run client compliance checks. The detection script uses the Whale.System.IsCertValid function to validate client certificates. However, the detection script cannot locate a certificate that is installed in the correct location.

Additionally, client-side logging shows that the certificate store is searched but no certificate that matches the search criteria is found.

This problem occurs when the installed certificate has a Subject Alternative Name but no Subject, or when the Subject Alternate Name contains information that is not available in the Subject.
CAUSE
The Whale.System.IsCertValid function is not designed to work with certificates that contain a Subject Alternative Name.
RESOLUTION
To resolve this problem, apply Intelligent Application Gateway 2007 Service Pack 2 Update 1. For more information, click the following article number to view the article in the Microsoft Knowledge Base:
968384 Description of Update 1 for Intelligent Application Gateway 2007 Service Pack 2
The Whale.System.IsCertValid function was updated to search for a matching certificate by using both the Subject and the Subject Alternative Name's DNS Name field.
STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
MORE INFORMATION
For more information about software update terminology, click the following article number to view the article in the Microsoft Knowledge Base:
824684 Description of the standard terminology that is used to describe Microsoft software updates
Properties

Article ID: 962861 - Last Review: 01/15/2015 02:43:28 - Revision: 1.0

  • Microsoft Intelligent Application Gateway 2007
  • kbnosurvey kbarchive kbexpertiseinter kbsurveynew kbbug kbfix kbqfe KB962861
Feedback