Re: Publishing SSL Server with certificate on host server

Thanks for your response. The listener doesn't see this certificate,
because it is on the web server and not the ISA server. Are you saying I
can also install that same certificate on the ISA server?
--Sandy

"Wayne" <wayne@xxxxxxxxxx> wrote in message
news:%23Ri7oGzaHHA.596@xxxxxxxxxxxxxxxxxxxxxxx
In the web listener, you need to add the certificate that you have put on
the website - leave it on the website as well. This is so that the ISA
server can see into the SSL traffic.


"Sandy Proesch" <sproe@xxxxxxxxxxx> wrote in message
news:%23bev97yaHHA.4012@xxxxxxxxxxxxxxxxxxxxxxx
We have an SSL webserver that resides on our internal lan that has a
verisign certificate. There is an external IP associated with this web
server and when it hits the external firewall, it is redirected to the
internal lan address. This all works very well. However, we want to
remove the internal LAN card from the external firewall and have all
incoming traffic pass through the DMZ and into the ISA Proxy, our
internal firewall. We've used the ISA Proxy for outgoing mostly, so I'm a
little new at configuring it for incoming traffic and I could use some
help. I figured publishing the SSL webserver on the proxy and having it
listen for traffic coming from the DMZ card there, on a specific DMZ
address, and then changing the firewall to redirect the external address
to this DMZ address would work.

I'm stopped though at the web listener, which insists the certificate has
to be on the ISA Server. The Verisign certificate exists on the
webserver, and from what I understand not easy to move. Do I need
another certificate for the ISA Server, or is there a way to pass the
request for a certificate through to the webserver? Are am I making this
far more complicated than it needs to be? I simply want to pass 443
traffic from the outside bound for the internal webserver through the
proxy.

Thanks for any ideas.

--Sandy





.

Relevant Pages

  • Re: Web Publishing - providing certificates to websites
    ... A wildcard Cert will probably work,...but it should have been originally ... Microsoft ISA Server Partners: Partner Hardware Solutions ... The listener serves the certificate - 'mywebsite.com'. ...
    (microsoft.public.isa)
  • Re: How do I require a client certificate when publishing a Web se
    ... I've exactly the same problem as Bill - ISA returns Error 401 and the HTTP ... I've noticed that in "Choose certificate" dialog there is bad name od the ... ISA server, there is correct name of the certificate in the dialog. ... SSL listener to SSL Client Certificate Authentication, ...
    (microsoft.public.isa.publishing)
  • Re: SSL connecting on OWA 2003
    ... You need a certificate for any connection that is over HTTPS. ... have one for the connection from ISA Server to the OWA server. ... certificate as the one on the OWA server, but it doesn't seem too likely. ...
    (microsoft.public.isa.publishing)
  • Unable to redirect requests to SSL port in ISA
    ... HTTP port or SSL port. ... Select to choose the appropriate certificate, ... correct certificate store on the ISA Server computer. ... The ISA Server computer happens to be the system where the certificate ...
    (microsoft.public.isa)
  • Re: Masive access external website app with a single personal certific
    ... identify and authenticate a client) for many different clients, ... ISA server is a security gateway in first place and I do not think that the ... The certificate is common for all my company users. ... the client connects directly to the app website and for sign the ...
    (microsoft.public.isa)
Loading