This article has been archived. It is offered "as is" and will no longer be updated.
In Microsoft Intelligent Application Gateway (IAG) 2007, you apply a custom endpoint detection script to run client compliance checks. The detection script uses the Whale.System.IsCertValid function to validate client certificates. However, the detection script cannot locate a certificate that is installed in the correct location.
Additionally, client-side logging shows that the certificate store is searched but no certificate that matches the search criteria is found.
This problem occurs when the installed certificate has a Subject Alternative Name but no Subject, or when the Subject Alternate Name contains information that is not available in the Subject.
The Whale.System.IsCertValid function is not designed to work with certificates that contain a Subject Alternative Name.
To resolve this problem, apply Intelligent Application Gateway 2007 Service Pack 2 Update 1. For more information, click the following article number to view the article in the Microsoft Knowledge Base:
968384 Description of Update 1 for Intelligent Application Gateway 2007 Service Pack 2
The Whale.System.IsCertValid function was updated to search for a matching certificate by using both the Subject and the Subject Alternative Name's DNS Name field.
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
For more information about software update terminology, click the following article number to view the article in the Microsoft Knowledge Base:
824684 Description of the standard terminology that is used to describe Microsoft software updates