RE: Certificate



ISA 2004 does not inspect traffic inside an SSL tunnel.

However, as per the ISA 2006 evaluation guide, ISA 2006 supports inspection
of SSL encrypted content.
See
http://download.microsoft.com/download/1/C/6/1C6A42B2-79E6-4201-A8B2-73DC0DB8DD47/Evaluation_Guide.doc

"The ISA Server 2006 firewall decrypts the SSL stream, performs stateful
inspection, and then re-encrypts the data and forwards it to the published
Web server."

--
Shijaz Abdulla
MCSE:Security, CCNA
www.shijaz.com/isaserver


"Tom" wrote:

Can the ISA (version 2006) firewall inspect traffic inside an SSL tunnel?

Thanks,
--
Tom


"Shijaz" wrote:

The certificate should be imported to the "Personal" certificate store, not
the "trusted root certificates" store.

See this article, it's helpful and provides step-by-step info:

Digital certificates for ISA 2004
http://www.microsoft.com/technet/prodtechnol/isa/2004/plan/digitalcertificates.mspx

If you're importing a commercial certificate that you purchased, see the
section "Certificates from a Commercial Certification Authority", Procedure 5.


--
Shijaz Abdulla
MCSE:Security, CCNA
www.shijaz.com/isaserver
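
A read-only check for the store mix-up described in this reply, added here as an example and not part of the original thread. It assumes PowerShell with the built-in `Cert:` provider is available on the ISA machine and is run as an administrator; the function name `Get-MachineStoreCerts` is made up for this example.

```powershell
# Added example, not from the thread. It only reads the stores and changes nothing.

# Hypothetical helper: list the certificates in one local-computer store.
function Get-MachineStoreCerts([string]$StoreName) {
    Get-ChildItem -Path "Cert:\LocalMachine\$StoreName" |
        Select-Object Subject, Issuer, Thumbprint, NotAfter, HasPrivateKey
}

# "Personal" is the store named My; "Trusted Root Certification Authorities" is Root.
$personal = @(Get-MachineStoreCerts 'My')
$root     = @(Get-MachineStoreCerts 'Root')

# A real root CA certificate is self-signed, so Subject equals Issuer.
# Anything else in Root is most likely a server certificate that was
# imported into the wrong store. (A self-signed server certificate would
# not be caught by this test.)
$misfiled = @($root | Where-Object { $_.Subject -ne $_.Issuer })

Write-Output "Certificates in Personal (LocalMachine\My): $($personal.Count)"
if ($personal.Count -gt 0) {
    # HasPrivateKey is shown because a server certificate without its private
    # key cannot be used to terminate SSL (a general TLS fact, not a statement
    # from the thread).
    $personal | Format-Table Subject, NotAfter, HasPrivateKey, Thumbprint -AutoSize
}

if ($misfiled.Count -gt 0) {
    Write-Output "Non-self-signed certificates in Trusted Root Certification Authorities:"
    $misfiled | Format-Table Subject, Issuer, NotAfter, Thumbprint -AutoSize
    # Compare by thumbprint to see whether the same certificate is also in Personal.
    foreach ($c in $misfiled) {
        $alsoInMy = @($personal | Where-Object { $_.Thumbprint -eq $c.Thumbprint }).Count -gt 0
        Write-Output ("{0}  also in Personal: {1}" -f $c.Thumbprint, $alsoInMy)
    }
} else {
    Write-Output "No misplaced (non-self-signed) certificates found in Trusted Root."
}
```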


"Tom" wrote:

Ok, thanks for the information.
Now, I have a certificate and I used the MMC snap-in to install it.
Now it is in "trusted root certification authorities" ... but when I try to
select it via the ISA console using a "web listener" for https, I disable
http & select https for port 443 ... problem is: when I want to select the
certificate I get "there are no certificates configured on this server" ...
what is the problem here?

--
Tom


"Shijaz" wrote:

You can import the SSL certificate (*.CER file) into the machine running ISA
by using the 'certificates' MMC snap-in on the local computer.

As Philip said, you shouldn't install IIS on the machine running ISA server
if you're not running Small Business Server.


--
Shijaz Abdulla
MCSE:Security, CCNA
www.shijaz.com/isaserver


"Tom" wrote:

Hi,
Is it possible to create a certificate for ISA 2004 to be able to use SSL
without having to install IIS?
Thanks,
Tom