Solved

Is there a good reference for how to configure ISA 2006 with VeriSign SSL certificates?

Posted on 2009-04-01
Last Modified: 2012-05-06
I need to secure traffic from the ISA box out whilst leaving internal traffic unencrypted.
FYI (I have been using Web Site Publishing Rules for HTTP.)
I have researched and found that what I want is possible, but I would like to see a "dummies guide" step by step just to make sure I don't miss any caveats. Has anyone seen a good reference, or is anyone able to provide me with one?

Regards,

Carl
Question by:carlnys
3 Comments
 
LVL 2

Expert Comment

by:ibiadmin6
ID: 24046019
http://isaserver.org/ should have answers to your question in the articles.
 
LVL 11

Accepted Solution

by:
b_levitt earned 500 total points
ID: 24046653
I'm not sure I've seen a walk-thru but without covering basic site publishing, I think I can get you thru the key points.  If I remember correctly the key is in the web listener and manually installing the cert.

First you need the cert.  I believe there is an obscure way to generate the cert request directly from the ISA box, but I prefer to generate the request and install the cert on an IIS box.  You can just create a dummy site to do this, just make sure you include the full domain name in the request.  Once you receive the cert from VeriSign and install it, you'll need to export the complete cert to a file (the part you get from VeriSign only includes the public key).

To do this load the cert manager mmc...
http://technet.microsoft.com/en-us/library/aa997890.aspx

Browse to the Personal/Certificates folder in the mmc and locate your new cert.  Right click --> all tasks --> export

Select "yes, export the primary key" and on the next screen "enable strong protection" and finish up the wizard to create the file.  Copy this file to your ISA box.

On the ISA box, take the same steps to open the cert manager mmc and browse to the same Personal/Certificates folder.  Right click it --> all tasks --> import and select your file.

Now for the listener
For simplicity's sake for now, create a new web listener with its own IP (you can go back later and experiment with a multi-IP, multi-cert listener later).  On the connections tab you check the box that says "enable ssl connections on port:"  Then go to the certificates tab and select the certificate you just installed.

From there it's just a matter of creating a new web publishing rule (during which you select the option for non-secured internal connection) and using your new web listener.

That's basically it.  I bet I didn't get everything but I'm sure there's parts of your situation that are different from mine.  Ultimately I opted not to go this route as it was more important to me for my IIS servers to see the traffic as if it was hitting them directly.
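
A check that can be run on the IIS box after the export and again on the ISA box after the import, covering the points the answer above calls out: the full domain name in the request, the private key included in the exported file, and the certificate present in the Personal store. This is an added example, not part of the original answer; the file path, the host name, the use of the Local Machine store and the availability of PowerShell on the server are assumptions.

```powershell
# Added example (not from the thread). Path and host name are placeholders.
param(
    [string]$PfxPath    = 'C:\temp\publish-cert.pfx',   # placeholder: the exported file
    [string]$PublicName = 'www.example.com'              # placeholder: name clients connect to
)

# Load the exported file with the password chosen in the export wizard.
$pw   = Read-Host -AsSecureString 'PFX password'
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($PfxPath, $pw)

# 1. The export must contain the private key, not just the public part
#    received from the CA, or the listener cannot use it for SSL.
$hasKey = $cert.HasPrivateKey

# 2. The subject CN must be the full public host name used in the request.
#    Exact match only; wildcard and SAN certificates are not handled here.
$cn     = $cert.GetNameInfo('SimpleName', $false)
$nameOk = $cn -ieq $PublicName

# 3. The certificate must be inside its validity period.
$now    = Get-Date
$dateOk = ($cert.NotBefore -le $now) -and ($now -le $cert.NotAfter)

# 4. After the import: the same certificate (matched by thumbprint) must be in
#    Personal/Certificates of the computer account, with its private key.
$store = New-Object System.Security.Cryptography.X509Certificates.X509Store('My', 'LocalMachine')
$store.Open('ReadOnly')
$found = $store.Certificates.Find('FindByThumbprint', $cert.Thumbprint, $false)
$inStore = ($found.Count -gt 0) -and $found[0].HasPrivateKey
$store.Close()

$checks = @(
    @{ Name = 'File contains the private key';                 Ok = $hasKey }
    @{ Name = "Subject CN '$cn' matches '$PublicName'";        Ok = $nameOk }
    @{ Name = "Valid now (expires $($cert.NotAfter))";         Ok = $dateOk }
    @{ Name = 'Present in LocalMachine\My with private key';   Ok = $inStore }
)

foreach ($c in $checks) {
    '{0,-5} {1}' -f $(if ($c.Ok) { 'PASS' } else { 'FAIL' }), $c.Name
}

# Non-zero exit code if any check failed, so the script can gate a change procedure.
if ($checks | Where-Object { -not $_.Ok }) { exit 1 }
```

On the IIS box before the copy, check 4 only confirms the source certificate; on the ISA box it confirms the import landed in the computer's Personal store with its key.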
 

Author Closing Comment

by:carlnys
ID: 31565621
Cheers muchly bro 8^)