We help IT Professionals succeed at work.
Get Started
ocs 2007 Reverse proxy certificate woes.
Hello,
I was wondering if i can get some insight with OCS certificate issues with the SAN and subject name for ISA 2006 Sp1 reverse proxying of the addres book.
I have setup up environment. and the edge server. All 3rd party certificates are isntalled on the edge and remote logon works great. My only issue is i cannot for the life of me, get my ISA 2006 SP1 web listener configured for reverse proxying for external users.
my cert is issued by an internal ca. I am using Split DNS on our network.
The cert has the following -
Subject name -> ocsserver1.company.ca (internal domain)
SAN --> ocsserver.company.ca (internal domain)
ocsserver.company.com (for address book publishing) and external domain.
sip.company.com (for external and internal)
now when i setup the listener - no authentication ssl. and publish the site.
as follows -
internal site - ocsserver.company.ca
external site - ocsserver.company.com
I get an error for the listener - The selected web listener is not configured with a certificate matching the public name defined in the wizard.
I have read a few blogs where it states -
"ISA 2006 server checks the first SAN listed in the certificate against
the Internal Site Name specified in the web publishing rule. If there is
no match the connection will fail. Even if the main Subject name of the
certificate is correct ISA only checks the first SAN".
Can someone who has split dns in their environment and has successfuly published their address book pls provide some insight into what i have missed.
I was wondering if i can get some insight with OCS certificate issues with the SAN and subject name for ISA 2006 Sp1 reverse proxying of the addres book.
I have setup up environment. and the edge server. All 3rd party certificates are isntalled on the edge and remote logon works great. My only issue is i cannot for the life of me, get my ISA 2006 SP1 web listener configured for reverse proxying for external users.
my cert is issued by an internal ca. I am using Split DNS on our network.
The cert has the following -
Subject name -> ocsserver1.company.ca (internal domain)
SAN --> ocsserver.company.ca (internal domain)
ocsserver.company.com (for address book publishing) and external domain.
sip.company.com (for external and internal)
now when i setup the listener - no authentication ssl. and publish the site.
as follows -
internal site - ocsserver.company.ca
external site - ocsserver.company.com
I get an error for the listener - The selected web listener is not configured with a certificate matching the public name defined in the wizard.
I have read a few blogs where it states -
"ISA 2006 server checks the first SAN listed in the certificate against
the Internal Site Name specified in the web publishing rule. If there is
no match the connection will fail. Even if the main Subject name of the
certificate is correct ISA only checks the first SAN".
Can someone who has split dns in their environment and has successfuly published their address book pls provide some insight into what i have missed.
Why Experts Exchange?
Experts Exchange always has the answer, or at the least points me in the correct direction! It is like having another employee that is extremely experienced.
Jim Murphy
Programmer at Smart IT Solutions
When asked, what has been your best career decision?
Deciding to stick with EE.
Mohamed Asif
Technical Department Head
Being involved with EE helped me to grow personally and professionally.
Carl Webster
CTP, Sr Infrastructure Consultant
Ask ANY Question
Connect with Certified Experts to gain insight and support on specific technology challenges including:
- Troubleshooting
- Research
- Professional Opinions
Did You Know?
We've partnered with two important charities to provide clean water and computer science education to those who need it most. READ MORE