I was wondering if i can get some insight with OCS certificate issues with the SAN and subject name for ISA 2006 Sp1 reverse proxying of the addres book.
I have setup up environment. and the edge server. All 3rd party certificates are isntalled on the edge and remote logon works great. My only issue is i cannot for the life of me, get my ISA 2006 SP1 web listener configured for reverse proxying for external users.
my cert is issued by an internal ca. I am using Split DNS on our network.
The cert has the following -
Subject name -> ocsserver1.company.ca (internal domain)
SAN --> ocsserver.company.ca (internal domain)
ocsserver.company.com (for address book publishing) and external domain.
sip.company.com (for external and internal)
now when i setup the listener - no authentication ssl. and publish the site.
as follows -
internal site - ocsserver.company.ca
external site - ocsserver.company.com
I get an error for the listener - The selected web listener is not configured with a certificate matching the public name defined in the wizard.
I have read a few blogs where it states -
"ISA 2006 server checks the first SAN listed in the certificate against
the Internal Site Name specified in the web publishing rule. If there is
no match the connection will fail. Even if the main Subject name of the
certificate is correct ISA only checks the first SAN".
Can someone who has split dns in their environment and has successfuly published their address book pls provide some insight into what i have missed.