RE: SBS2003 ISA2004, SSL naming issue
- From: damianl@xxxxxxxxxxxxxxxxxxxx ("Damian N Leibaschoff [MSFT]")
- Date: Thu, 02 Feb 2006 16:20:59 GMT
Hi,
Did you install your new certificate in IIS or in ISA?
What you usually want to do with an ISA/IIS configuration like this is to
just install your new certificate on the Incoming web listener in ISA and
still use the internally generated certificate in IIS.
On the default SBS configuration of ISA, you are working with 2 SSL
tunnels. One from public to ISA and one from ISA to IIS.
The only one your clients will see is the public to ISA, thus the need to
just replace the certificate on the incoming listener in ISA (Get to the
Toolbox in ISA management, Network Objects, Web Listeners, Open the SBS Web
Listener, preferences tab, and Select your public certificate).
In your default web site, you want to switch it back to using the self
generated Publishing cert so you don't have to change anything on the
publishing rules. In IIS management, properties of the default web site,
Directory security tab, click on Server Certificate, Next, Replace the
Current Certificate, select the Publishing cert.
To test, open IE and connect to https://servername (the cert has several
aliases). Your internal SSL connection should not have any warnings for the
ISA to properly be able to publish.
Regards,
Damian
Damian N. Leibaschoff, MS IST, MCSE
Microsoft Corporation
Get Secure! - www.microsoft.com/security
=====================================================
When responding to posts, please "Reply to Group" via
your newsreader so that others may learn and benefit
from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
From: "Joseph Walsh" <joe.walsh@xxxxxxxxxxxx>
Subject: SBS2003 ISA2004, SSL naming issue
Date: Thu, 2 Feb 2006 14:52:35 -0000
Newsgroups: microsoft.public.windows.server.sbs
Hi, I have a server with SBS2003 and ISA2004. I wanted to add an SSL
certificate to the OMA and OWA sites, so I obtained one in the format
myserver.domain.net from a third party and installed it on the server and
in the ISA2004 firewall rule.
ISA shows the TO part of the publishing rule as publishing.domain.local
When I try and access the site externally I get
Error Code: 500 Internal Server Error. The target principal name is
incorrect. (-2146893022)
What should I have named the server on the certificate and how do I solve
the problem?
Any help greatly appreciated.
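
The two-tunnel name check described in the reply above, as an added example that is not part of the original thread or of any ISA or IIS tooling. It assumes the third-party certificate was bound to the IIS default web site as well as to the ISA listener; the certificate contents and the `servername` alias are constructed, and the function names are hypothetical.

```python
# Added example. All names and certificate contents below are constructed.
# Cert dicts use the shape returned by ssl.SSLSocket.getpeercert().
PUBLIC_CERT = {"subject": ((("commonName", "myserver.domain.net"),),)}
PUBLISHING_CERT = {  # stand-in for the SBS self-generated cert; aliases assumed
    "subject": ((("commonName", "publishing.domain.local"),),),
    "subjectAltName": (("DNS", "publishing.domain.local"), ("DNS", "servername")),
}

def cert_names(cert):
    """DNS names a client compares against; SANs take precedence over the CN."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans
    return [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]

def name_matches(pattern, host):
    """Case-insensitive match; '*' is honoured only as the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*" and len(p) > 2:
        p, h = p[1:], h[1:]
    return p == h

def check_leg(leg, host, cert):
    names = cert_names(cert)
    return {"leg": leg, "host": host, "cert_names": names,
            "ok": any(name_matches(n, host) for n in names)}

def check_publishing(public_name, listener_cert, rule_to_name, iis_cert):
    """Check both SSL tunnels: client to ISA listener, then ISA to IIS."""
    return [check_leg("client -> ISA listener", public_name, listener_cert),
            check_leg("ISA -> IIS", rule_to_name, iis_cert)]

if __name__ == "__main__":
    cases = {"public cert on IIS too": PUBLIC_CERT,
             "publishing cert on IIS": PUBLISHING_CERT}
    for title, iis_cert in cases.items():
        print(title)
        for r in check_publishing("myserver.domain.net", PUBLIC_CERT,
                                  "publishing.domain.local", iis_cert):
            print("  %-24s %-26s %s" % (r["leg"], r["host"],
                                        "OK" if r["ok"] else "NAME MISMATCH"))
```
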