Forefront with internal signed certs

timbrigham used Ask the Experts™

on 2011-05-17

When I have users connect over VPN using my Forefront TMG server I'm having problems with internally used self signed certificates. The behavior looks like TMG is attempting an inspection and killing it when the certificate isn't in the trusted root store. I've verified this by adding one of the self signed certs, making that published service available. I would really like to avoid this practice.

My client systems shouldn't be using the HTTPS inspection for any intra network communication. My internal systems do not display this behavior. How can I adjust the VPN clients to behave in the same fashion?

Comment

Watch Question

Do more with

Expert Office

EXPERT OFFICE^® is a registered trademark of EXPERTS EXCHANGE^®

View Solution Only

Suliman Abu KharroubIT Consultant

Verified Expert

Commented: 2011-05-17

You can add these internal sites to destination expedition list in https inspection configurations.

timbrigham

Author

Commented: 2011-05-18

Perfect. Should have thought of that.

Do more with

Expert Office

Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial

Explore our Suite of Services

Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial

Facebook
Twitter
LinkedIn
https://www.experts-exchange.com/questions/27044071/Forefront-with-internal-signed-certs.html copy