Re: ISA - IIS - SSL question
From: Roger Wassner (rw_at_starysky.net)
Date: 02/23/04
- Next message: Chuck: "HTTP/1.1 502 Proxy Error (The specified Secure Sockets Layer (SSL) port is not a"
- Previous message: Roger Wassner: "Re: Standard/Enteprise"
- In reply to: Jason Helms: "Re: ISA - IIS - SSL question"
- Next in thread: Jason Helms: "Re: ISA - IIS - SSL question"
- Reply: Jason Helms: "Re: ISA - IIS - SSL question"
- Messages sorted by: [ date ] [ thread ]
Date: Mon, 23 Feb 2004 22:16:54 +0100
Hey Jason,
What does HTH- mean?
Greetings
Roger
"Jason Helms" <jasonh@cghinsurance.com> wrote in message
news:O1yYl5h%23DHA.2180@TK2MSFTNGP09.phx.gbl...
> Don't know if this is the best way to do this, but here's how I did it:
>
> I installed the SSL cert on my IIS server only to generate a private/public
> matching keyfile. I then exported that keyfile and removed the cert from
> IIS.
>
> Then, transported keyfile to ISA server and installed it into the Web Proxy
> certificate store. Enabled SSL Listeners on ISA server for our public IP
> address, and then went into the properties of the Web Publishing Rule for
> the SSL site in question.
>
> I set all SSL requests to be redirected as HTTP (terminate secure channel at
> proxy), but required SSL connection & 128 bit encryption.
> That eliminated all of our errors and allowed us to use SSL for our secure
> site.
>
> However, I would only recommend doing this if your ISA server is the only
> point of entry/exit of your network. If you have any dial-in access or VPN
> that is made available to the internet by a device other than your ISA
> server, I would do SSL all the way through to your internal IIS machine.
>
> We can get away with it here because our internal network is extremely
> locked down.
>
> HTH-
>
> Jason
>
>
>
> "Noodles" <alexfurlong@hotmail.com> wrote in message
> news:Xns9495BDA2BB978noodlehotmailcom@216.168.3.30...
> > I've been studying the best way to get SSL to work (bridging) behind the
> > ISA server. Here is my problem.
> >
> > My SSL Certificate is installed on the IIS and ISA. I have a destination
> > set and a publishing rule set up. Without SSL (http) the site works fine.
> > When I try to use SSL (https) I get the following error.
> >
> > "500 Internal Server Error - The network logon failed. (1790)
> > Internet Security and Acceleration Server"
> >
> > If I change the publishing rule bridging rule from SSL (est. a secure
> > channel)-default- to HTTP(terminate the secure channel at proxy) HTTP and
> > HTTPS works fine.
> >
> > Now the only thing I can figure might be wrong is in the action tab. I
> > redirect the web request to the internal IIS server name not the FQDN of
> > the site (ex. iisserver.mydomain.com not www.mydomain.com). Is this my
> > problem? And if so, what would be the best way to correct this. I tried
> > to create an alias DNS entry www for my internal server but I get a
> > "10061 - Connection refused" error.
> >
> > Thanks
>
>