Solved

Is there a good reference for how to configure ISA 2006 with VeriSign SSL certificates?

Posted on 2009-04-01
Last Modified: 2012-05-06
I need to secure traffic from the ISA box out whilst leaving internal traffic unencrypted.
FYI: I have been using Web Site Publishing Rules for HTTP.
I have researched and found that what I want is possible, but I would like to see a "dummies guide" step by step just to make sure I don't miss any caveats. Has anyone seen a good reference, or is anyone able to provide me with one?

Regards,

Carl
Question by:carlnys
Expert Comment

by:ibiadmin6
http://isaserver.org/ should have answers to your question in the articles.
Accepted Solution

by: b_levitt earned 500 total points
I'm not sure I've seen a walk-thru but without covering basic site publishing, I think I can get you thru the key points.  If I remember correctly the key is in the web listener and manually installing the cert.

First you need the cert.  I believe there is an obscure way to generate the cert request directly from the ISA box, but I prefer to generate the request and install the cert on an IIS box.  You can just create a dummy site to do this, just make sure you include the full domain name in the request.  Once you receive the cert from VeriSign and install it, you'll need to export the complete cert to a file (the part you get from VeriSign only includes the public key).

To do this load the cert manager mmc...
http://technet.microsoft.com/en-us/library/aa997890.aspx

Browse to the Personal/Certificates folder in the mmc and locate your new cert.  Right click --> all tasks --> export

Select "yes, export the primary key" and on the next screen "enable strong protection" and finish up the wizard to create the file.  Copy this file to your ISA box.

On the ISA box, take the same steps to open the cert manager mmc and browse to the same Personal/Certificates folder.  Right click it --> all tasks --> import and select your file.

Now for the listener
For simplicity's sake for now, create a new web listener with its own IP (you can go back later and experiment with a multi-ip, multi-cert listener later).  On the connections tab you check the box that says "enable ssl connections on port:"  Then go to the certificates tab and select the certificate you just installed.

From there it's just a matter of creating a new web publishing rule (during which you select the option for non-secured internal connection) and using your new web listener.

That's basically it.  I bet I didn't get everything but I'm sure there's parts of your situation that are different from mine.  Ultimately I opted not to go this route as it was more important to me for my IIS servers to see the traffic as if it was hitting them directly.
0
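A check to run on the ISA box after the import step in the answer above, as an added example that is not part of b_levitt's answer: it lists each certificate in the Local Computer Personal store and flags a missing private key, an expired or not-yet-valid date, a name that does not match the published host name, a missing Server Authentication usage, or a chain that does not build. `www.example.com` is a placeholder and the function name `Test-ListenerCert` is made up for this example.

```powershell
# Added example: pre-flight check on the ISA box after importing the certificate.
# 'www.example.com' is a placeholder for the full domain name used in the request.
param([string]$PublicName = 'www.example.com')

$serverAuth = '1.3.6.1.5.5.7.3.1'   # Server Authentication EKU OID

function Test-ListenerCert($cert, $name) {
    $problems = @()

    # The listener terminates SSL, so the private key must have come across.
    if (-not $cert.HasPrivateKey) { $problems += 'no private key' }

    # Validity window
    $now = Get-Date
    if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
        $problems += "outside validity period ($($cert.NotBefore) to $($cert.NotAfter))"
    }

    # DNS name from the SAN, falling back to the subject CN. -like lets a
    # wildcard name (*.example.com) act as a pattern; looser than a browser.
    $dns = $cert.GetNameInfo(
        [System.Security.Cryptography.X509Certificates.X509NameType]::DnsName, $false)
    if (-not $dns -or $name -notlike $dns) {
        $problems += "certificate name '$dns' does not match $name"
    }

    # If an EKU extension is present, it must allow Server Authentication.
    $eku = $cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
    if ($eku) {
        $oids = @($eku.EnhancedKeyUsages | ForEach-Object { $_.Value })
        if ($oids -notcontains $serverAuth) { $problems += 'no Server Authentication EKU' }
    }

    # The issuing chain must build on this machine, not only on the IIS box.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    if (-not $chain.Build($cert)) {
        $problems += @($chain.ChainStatus | ForEach-Object { "chain: $($_.Status)" })
    }
    return ,$problems
}

# Local Computer > Personal > Certificates, the store used in the import step.
Get-ChildItem Cert:\LocalMachine\My | ForEach-Object {
    $p = Test-ListenerCert $_ $PublicName
    $status = if ($p.Count -eq 0) { 'OK' } else { $p -join '; ' }
    '{0}  {1}  {2}' -f $_.Thumbprint, $_.Subject, $status
}
```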
 

Author Closing Comment

by:carlnys
Cheers muchly bro 8^)