Re: Installing Certificates - Pulling My Hair Out
From: John Hawkins [MSFT] (jhawkins_at_online.microsoft.com)
Date: 10/04/04
- Previous message: Mike SF: "ISA 2004 and OWA on SAME COMPUTER"
- In reply to: Wayne Murphy: "Installing Certificates - Pulling My Hair Out"
- Messages sorted by: [ date ] [ thread ]
Date: Mon, 4 Oct 2004 17:31:38 -0500
Ok honestly this does not make a lot of sense. Why would you do HTTP over
the internet to the ISA Server then doe SSL tot he internal Web Server? It
would be more secure to do SSL over the internet to ISA and then HTTP back
to the web server.
But anyways....
You do not need the Web Cert in Computer-->Personal-->Certificates and this
can be listed in the Incoming Listener. This is only needed if you are
terminating SSL at ISA from the external Client.
You should just have a normal Web Listener for port 80.
The Certificate you are trying to put in
W3proxy---->Personal---->Certificates would be a User certificate and used
when you are trying to do Client Certificate Authentication to the internal
WebServer.
That is not what you are describing so you do not need that either. Honestly
you would not need any certificates in this. But I am actually not sure this
will even work.
Because the response a client will get will be HTTPS so you may then have to
use Link Translation to turn this back to HTTP so the client can respond
again.
Honestly this is not a very good setup and I would recommend one of the
following scenario:
#1: Terminate SSL at ISA from Client over internet and Bridge HTTP back to
Web Server
324167 HOW TO: Export, Install, and Configure Certificates to Internet
Security
http://support.microsoft.com/?id=324167
Then Web Publish the site.
or
#2: Server Publish the Web Server and do SSL all the way from client to Web
Server.
298900 How to Publish SSL Web Sites by Using Server Publishing
http://support.microsoft.com/?id=298900
Thanks,
-- John Hawkins [MSFT] This posting is provided "AS IS" with no warranties, and confers no rights. "Wayne Murphy" <wayne@piercedknob.co.uk> wrote in message news:efd6f022.0410010036.5e919b65@posting.google.com... > Hi all, > > Here is my problem. I am trying to configured a web publishing rule > to terminate http at the ISA server and then start an SSL connection > to the webserver. (in my opinion its a little silly but this is what > the customer wants. He is publishing his OWA server on his site using > SSL, cannot see the point saying e-mail is sent un-encrypted anyway > !). > > I have installed the Certificate in the Local > Computer-->Personal-->Certificates and this can be listed in the > Incoming Listener (proves the private/public key combinations have > been successfully exported). I have also installed the certificate in > the Service W3Proxy-->Personal-->Certificates aswell. > > On the Web Publishing rule i have tried to set the Bridging tab to > use a certificate to authenticate to the SSL Web server and when i > press select i get "There are no certificates configured on this > server". > > I am now pulling my hair out and getting no joy. What have i missed > out ? > > Thanks in advance
- Previous message: Mike SF: "ISA 2004 and OWA on SAME COMPUTER"
- In reply to: Wayne Murphy: "Installing Certificates - Pulling My Hair Out"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
