Re: Web server inside SBS 2003 firewall

Tech-Archive recommends: Speed Up your PC by fixing your registry

Chip,

With SSL, yes that is a little different, since the url name needs to match
that of the common name on the certificate.. For example, if you wanted to
connect to https://www.contoso.com then the certificates common name would
need to be www.contoso.com, if it's not then the user should get a popup
dialog stating that the name on the certificate doesn't match and give you
the option to continue or not, as well as, view/install the certificate.

In the SSL case, you'd need different listeners on either different IP's
and/or ports with different certificates having the appropriate common
name...

http://support.microsoft.com/default.aspx?scid=KB;EN-US;305052
http://support.microsoft.com/default.aspx?scid=KB;EN-US;838252


Also, take a look at the httpcfg utility on how to configure IIS to only
listen on specific IP's

http://support.microsoft.com/default.aspx?scid=kb;en-us;813368

For example,

httpcfg query ssl


--

Hope that helps,
David Copeland
Microsoft Small Business Server Support

This posting is provided "AS IS" with no warranties, and confers no rights.

Newsgroups:
SBS v4.x : microsoft.public.backoffice.smallbiz
SBS 2000: microsoft.public.backoffice.smallbiz2000
SBS 2003: microsoft.public.windows.server.sbs


"ChipW" <Chip@xxxxxxxxxxxxxx> wrote in message
news:eZ%23%23e4MUFHA.2616@xxxxxxxxxxxxxxxxxxxxxxx
> Dave, I'm wanting to do the same thing as your senario #4 (publishing
> behind ISA) Are there any implications with SSL and "Public" security
> certificates in this senario? Otherwise I'd be forced to put our MS Web
> Server Edition member server into the DMZ or forward ports, etc. I like
> the ISA option because the ISA reports are so informative. Whats the best
> option?
>
> Thanks
> Chip
>
>
> "David Copeland [MSFT]" <davidcop@xxxxxxxxxxxxxxxxxxxx> wrote in message
> news:eMYioCFUFHA.2172@xxxxxxxxxxxxxxxxxxxxxxx
>> John,
>>
>> SBS would be redirecting your external IP address to the SBS server's
>> internal IP address for TCP port 80/443 (HTTP/HTTPS) in order to be able
>> to access things like Remote Web Workplace, OWA, OMA, Server ActiveSync
>> etc. In order to publish another server behind the SBS server, you could
>> to do one of the following
>>
>> 1) have another Internet IP address and redirect it's TCP port 80 back to
>> the other server, thus one fully qualified domain name would go to one IP
>> and the other fqdn would go to the other
>> 2) put the internal server on a different port and then redirect say TCP
>> Port 81 of the SBS server's Internet IP address back to the internal
>> server. In this case, the url for the one using port 81 would be
>> something like http://www.contoso.com:81
>> 3) combination of 1 and 2
>> 4) upgrade to SBS 2003 Premium Edition and use ISA to be able to redirect
>> to the different sites based on the url specified.. So for example,
>> http://www.contoso.com would go to the SBS server, but
>> http://www.tailspintoys.com would be redirected to your internal server,
>> even though both names resolved to the same Internet IP address/port.
>>
>> --
>>
>> Hope that helps,
>> David Copeland
>> Microsoft Small Business Server Support
>>
>> This posting is provided "AS IS" with no warranties, and confers no
>> rights.
>>
>>
>> SBS Newsgroups:
>>
>> SBS v4.x: microsoft.public.backoffice.smallbiz
>> SBS 2000: microsoft.public.backoffice.smallbiz2000
>> SBS 2003: microsoft.public.windows.server.sbs
>>
>> "John Sokolowski" <john@xxxxxxxxx> wrote in message
>> news:eK%23iY3EUFHA.544@xxxxxxxxxxxxxxxxxxxxxxx
>>> I'm running SBS 2003 Standard Edition with 2 NICs. One to public IP and
>>> one to private network. SBS 2003 serves as domain controller, firewall,
>>> dns server and dhcp server. I have a separate machine on the private
>>> network running Linux with an Apache Web Server. I would like to make
>>> this web server visible to the public network. My web FQDN points to my
>>> public IP address. I have the web server private IP in my dns table on
>>> my SBS 2003 server. However, when I try to access the web server from
>>> the internet I get a message saying the web page can not be found. How
>>> do I make this internal web server visible through the SBS 2003 server?
>>>
>>> John Sokolowski
>>>
>>>
>>
>>
>
>


.

Relevant Pages

  • RE: Help with Internet and Email wizard
    ... Thank you for posting in the SBS newsgroup. ... On SBS Server, run the CEICW, go through "Connection Type" page, on ... Since we don't want to set up an external internet access, ... We can select Option one "Create a new Web server certificate" to ...
    (microsoft.public.windows.server.sbs)
  • RE: ActiveSync and T-Mobile Treo 650
    ... Thank you for posting in the SBS newsgroup. ... Generally, to publish ActiveSync, you just need to run the CEICW and enable ... Method 2 - Replace your Exchange Web Publishing rule with a Server ... new certificate on the Exchange server to match the new url being used to ...
    (microsoft.public.windows.server.sbs)
  • Re: Outlook RPC over HTTp deosnt work
    ... Certificate, click Install Certificate, and then follow the instructions. ... when you try to use RPC over HTTP to connect the Exchange Server. ... In SBS 2003, we don't have to manually configure RPC over HTTP. ...
    (microsoft.public.windows.server.sbs)
  • Re: Outlook RPC over HTTp deosnt work
    ... Certificate, click Install Certificate, and then follow the instructions. ... when you try to use RPC over HTTP to connect the Exchange Server. ... In SBS 2003, we don't have to manually configure RPC over HTTP. ...
    (microsoft.public.windows.server.sbs)
  • Re: Certifcate reset error - Need for mobile device connect
    ... That is why I am thinking of revoking the current GoDaddy certificate and removing the certificate from default and requesting a new one. ... Have you installed the GoDaddy cert on the SBS box yet yet? ... What I am trying to accopmlish is to have my SBS exchange server synch wireless with a Motorola Q phone. ... Manager packet from the SBS 2003 server to recreate the VPN connection. ...
    (microsoft.public.windows.server.sbs)