Solved

Is there a good reference for how to configure ISA 2006 with verisign SSL certificates?

Posted on 2009-04-01
3
374 Views
Last Modified: 2012-05-06
I need to secure traffic from the ISA box out whilst leaving internal traffic unencrypted.
     FYI (I have been using web Site Publishing Rules for HTTP,)
I have researched and found that what I want is possible, but I would like to see a "dummies guide" step by step just to make sure i don't miss any caveats. Has anyone seen a good reference or able to provide me with one.

Regards,

Carl
0
Comment
Question by:carlnys
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 2

Expert Comment

by:ibiadmin6
ID: 24046019
http://isaserver.org/ should have answers to your question in the articles.
0
 
LVL 11

Accepted Solution

by:
b_levitt earned 500 total points
ID: 24046653
I'm not sure I've seen a walk-thru but without covering basic site publishing, I think I can get you thru the key points.  If I remember correctly the key is in the web listener and manually installing the cert.

First you need the cert.  I believe there is an obscure way to generate the cert request directly from the ISA box, but I prefer to generate the request and install the cert on a IIS box.  You can just create a dummy site to do this, just make sure you include the full domain name in the request.  Once you recieve the cert from verisign and install it, you'll need to export the complete cert to a file (the part you get from verisign only includes the public key).

To do this load the cert manager mmc...
http://technet.microsoft.com/en-us/library/aa997890.aspx

Browse to the Personal/Certificates folder in the mmc and locate your new cert.  Right click --> all tasks --> export

Select "yes, export the primary key" and on the next screen "enable strong protection" and finish up the wizard to create the file.  Copy this file to your ISA box.

On the isa box, take the same steps to open the cert manager mmc and browse to the same Personal/Certificates folder.  Right click it --> all tasks --> import and select your file.

Now for the listener
For simplicity's sake for now, create a new web listener with it's own ip (you can go back later and experiment with a multi-ip, multi-cert listener later).  On the connections tab you check the box that says "enable ssl connections on port:"  Then go to the certificates tab and select the certificate you just installed.

From there it's just a matter of creating a new web publishing rule (during which you select the option for non-secured internal connection) and using your new web listener.

That's basically it.  I bet I didn't get everything but I'm sure there's parts of your situation that are different from mine.  Ultimately I opted not to go this route as it was more important to me for my IIS servers to see the traffic as if it was hitting them directly.
0
 

Author Closing Comment

by:carlnys
ID: 31565621
Cheers muchly bro 8^)
0

Featured Post

Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you don't have the right permissions set for your WordPress location in IIS, you won't be able to perform automatic updates. Here's how to fix the problem.
When it comes to showing a 404 error page to your visitors, you do not want that generic page to show, and you especially do not want your hosting provider’s ad error page to show either. In this article, I will show you how to enable the custom 40…
In this video, viewers will be given step by step instructions on adjusting mouse, pointer and cursor visibility in Microsoft Windows 10. The video seeks to educate those who are struggling with the new Windows 10 Graphical User Interface. Change Cu…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question