Welcome to ISAserver.org
Forums |
Register |
Login |
My Profile |
Inbox |
RSS 
|
My Subscription |
My Forums |
Address Book |
Member List |
Search |
FAQ |
Ticket List |
Log Out
"there are no certificates configured on this server" on ISA 2004
|
Users viewing this topic:
none
|
Logged in as: Guest
|
Login  | |
|
"there are no certificates configured on this serv... - 18.Jul.2004 1:20:00 PM
|
|
|
zamirl
Posts: 94
Joined: 26.Mar.2002
From: Bat-Yam, Israel
Status: offline
|
I'm testing SSL bridging with ISA 2004.
I exported the certificate with the private key
from the published OWA 2003 web site, and imported it to both the user personal and computer personal certificate stores.
When I configure the listner, it allows to select the imported certificate, however, when I go to the bridge tab of the publishing rule and want to set it to "use a certificate to authenticate to the SSL web server", it says "there are no certificates configured on this server".
This is very strange, and it used to work great with ISA 2000. I already tried to close and reopen the ISA 2004 managment console.
Can some1 assist ?
Liran
|
|
|
|
RE: "there are no certificates configured on this ... - 18.Jul.2004 3:53:00 PM
|
|
|
zamirl
Posts: 94
Joined: 26.Mar.2002
From: Bat-Yam, Israel
Status: offline
|
OK
I noted my mistake, the certificate box is probably intended when client certificate authentication to the web server is required.
The publishing problems I had were partially caused by not suppling the FQDN in the published server name (the target server).
Yet, I got another problem.
If I configure the listner for the use of the certificate, and set the listner for no authentication at all, it actually forwards the request via SSL to the OWA server and I get the form based authentication that I enabled on the Exchange server.
If I set the form based authentication on the listner, I get the form based authentication, but after the form is confirmed, my client browser is getting the URL: https://owa.r2d2.com/CookieAuth.dll?Logon
and it shows:
Unknown Request
The request could not be resolved by the server
Any Ideas ?
|
|
|
|
RE: "there are no certificates configured on this ... - 18.Jul.2004 4:29:00 PM
|
|
|
zamirl
Posts: 94
Joined: 26.Mar.2002
From: Bat-Yam, Israel
Status: offline
|
Faster then a speeding bullet ![[Roll Eyes]](/image/smiles/rolleyes.gif)
It seems that I was able to resolve the problem, but I would like your confirmation regarding the configuration.
1. Exchange 2003, with Stand Alone created web
certificate on the default web site.
2. The Certificate was exported with the private
key and imported to the machine store on the ISA 2004.
3. I configured the Exchange HTTP Virtual server with form based authentication, and later I found out that it caused some of my problems, so I disabled it.
4. I created a secure mail server publishing rule for OWA. I configured the published server name as: owa.r2d2.com and made sure to put an entry in the ISA server hosts file to point this FQDN to the internal IP address of the Exchange server.
5. I configration the web listner to listen on the external adapter on port 443 with the certificate that was imported from the default web site.
I set the authentication to "form based auth."
6. In the Publishing rule "Brifging" tab, I only selected the redirect request to SSL port, without an authentication certificate, where on the "public name" tab contained the external name
of the site (owa.r2d2.com) and the "Paths" tab contained the paths (/exchange/* and so on).
This was pretty much hell.
I'm sure that there is better documentation, but I did not get to it.
I would like to put into an article, but I would like you to confirm that what I did is OK.
thanks
Liran
|
|
|
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
 Locked w/ New Messages |
 Locked w/o New Messages |
|
 Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts |
|
Printable Version
