Solved

Is there a good reference for how to configure ISA 2006 with verisign SSL certificates?

Posted on 2009-04-01
Last Modified: 2012-05-06
I need to secure traffic from the ISA box out whilst leaving internal traffic unencrypted.
FYI: I have been using Web Site Publishing Rules for HTTP.
I have researched and found that what I want is possible, but I would like to see a "dummies guide" step by step just to make sure I don't miss any caveats. Has anyone seen a good reference, or is anyone able to provide me with one?

Regards,

Carl
Question by:carlnys
3 Comments

Expert Comment

by:ibiadmin6
ID: 24046019
http://isaserver.org/ should have answers to your question in the articles.

Accepted Solution

by:b_levitt (earned 2000 total points)
ID: 24046653
I'm not sure I've seen a walk-thru but without covering basic site publishing, I think I can get you thru the key points.  If I remember correctly the key is in the web listener and manually installing the cert.

First you need the cert.  I believe there is an obscure way to generate the cert request directly from the ISA box, but I prefer to generate the request and install the cert on an IIS box.  You can just create a dummy site to do this, just make sure you include the full domain name in the request.  Once you receive the cert from VeriSign and install it, you'll need to export the complete cert to a file (the part you get from VeriSign only includes the public key).

To do this load the cert manager mmc...
http://technet.microsoft.com/en-us/library/aa997890.aspx

Browse to the Personal/Certificates folder in the mmc and locate your new cert.  Right click --> all tasks --> export

Select "yes, export the primary key" and on the next screen "enable strong protection" and finish up the wizard to create the file.  Copy this file to your ISA box.

On the ISA box, take the same steps to open the cert manager mmc and browse to the same Personal/Certificates folder.  Right click it --> all tasks --> import and select your file.

Now for the listener
For simplicity's sake for now, create a new web listener with its own IP (you can go back later and experiment with a multi-IP, multi-cert listener later).  On the connections tab you check the box that says "enable ssl connections on port:"  Then go to the certificates tab and select the certificate you just installed.

From there it's just a matter of creating a new web publishing rule (during which you select the option for non-secured internal connection) and using your new web listener.

That's basically it.  I bet I didn't get everything but I'm sure there are parts of your situation that are different from mine.  Ultimately I opted not to go this route as it was more important to me for my IIS servers to see the traffic as if it was hitting them directly.
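
A check to run on the ISA box after the import and before selecting the certificate on the web listener, as an added example that is not part of b_levitt's answer: it reports whether the imported certificate carries its private key, is within its validity period, allows server authentication and chains to a trusted root. `www.example.com` is a placeholder for the full domain name used in the request, and PowerShell being available on the ISA box is an assumption.

```powershell
# Added example, not from the original answer. Run on the ISA box after the import.
# $PublicName is a placeholder: use the full domain name from the certificate request.
param([string]$PublicName = 'www.example.com')

$serverAuthOid = '1.3.6.1.5.5.7.3.1'   # Server Authentication enhanced key usage
$now = Get-Date

# Local computer "Personal" store, the same folder browsed in the cert manager MMC
$store = New-Object System.Security.Cryptography.X509Certificates.X509Store -ArgumentList 'My', 'LocalMachine'
$store.Open('ReadOnly')
try {
    $candidates = @($store.Certificates | Where-Object {
        $_.GetNameInfo('SimpleName', $false) -ieq $PublicName
    })
    if ($candidates.Count -eq 0) {
        Write-Warning "No certificate with subject name $PublicName in LocalMachine\My"
    }
    foreach ($cert in $candidates) {
        # The chain only builds if the issuing CA certificates are present and trusted.
        # Revocation is not checked, so the result does not depend on outbound access.
        $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
        $chain.ChainPolicy.RevocationMode = 'NoCheck'
        $chainOk = $chain.Build($cert)

        # No EKU extension means the certificate is not restricted by purpose
        $eku = $cert.Extensions | Where-Object {
            $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
        }
        $serverAuth = (-not $eku) -or
            [bool]($eku.EnhancedKeyUsages | Where-Object { $_.Value -eq $serverAuthOid })

        New-Object PSObject -Property @{
            Thumbprint    = $cert.Thumbprint
            HasPrivateKey = $cert.HasPrivateKey   # False: only the public part was imported
            InValidity    = ($cert.NotBefore -le $now) -and ($now -le $cert.NotAfter)
            ServerAuth    = $serverAuth
            ChainBuilds   = $chainOk
        }
    }
}
finally {
    $store.Close()
}
```

A row with `HasPrivateKey` set to `False` means the file imported was the public part only rather than the full export described above.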

Author Closing Comment

by:carlnys
ID: 31565621
Cheers muchly bro 8^)