Welcome to ISAserver.org
2006: Publish additional SSL site - run into problems with Web Listener
2006: Publish additional SSL site - run into problems w... - 8.Jan.2007 3:41:40 PM
djmasters
Posts: 10
Joined: 25.Jan.2004
Status: offline
Single NIC ISA 2006 in a DMZ, ISA Server only has one IP address. Used the OWA wizard to publish OWA, works like a champ. SSL Cert is mobile.domain.com.

Trying to publish another website that uses SSL, we have purchased a wildcard cert since publishing OWA, so we have a *.domain.com installed on the ISA server as well. Trying to use the *.domain.com cert on the new site's Web Listener. The new website I'm trying to publish does not reside on the same server as the OWA site. From what I do understand, ISA will figure out which page to send the request based on the host header. So, my listeners look like this:

mobile.domain.com
Networks: Internal
Port(HTTP): Disabled
Port(HTTPS): 443
Certificate: mobile.domain.com
Authentication Methods: No Authentication

repnet.domain.com
Networks: Internal
Port(HTTP): Disabled
Port(HTTPS): 443
Certificate: *.domain.com
Authentication Methods: No Authentication

When I try to use the repnet listener I get the following error:

"A Web listener specifying the same port and similar IP address is already used by rule "mobile.domain.com". The port and IP address specified in a Web listener cannot overlap with the IP address and ports specified in another Web listener already used in a different rule"

So, is this telling me that for every webpage that I want to publish I have to give the ISA server additional IP addresses in the DMZ? I know this might sound stupid, but I really don't know much about ISA. Googling has been little help and the ISA 2004 books haven't helped much either, please speak slowly & use small words :-)

Thanks.
RE: 2006: Publish additional SSL site - run into proble... - 9.Jan.2007 4:52:34 PM
brigettabrannon
Posts: 13
Joined: 6.Mar.2006
Status: offline
Hi,

Our SSL environment started the same way. Here's the thing, if you're running a wildcard on ISA, you shouldn't need any other certs on ISA - this is when they're running on the same port, as in your case. This is if your "domain.com" is the same. Someone else may have additional information on this. But from what I've seen, you should be able to set your OWA rule to use the wildcard cert listener and get rid of the first listener.

Hope this helps, it can get awfully confusing.

Brigetta
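Added example, not part of the thread or any poster's code: a Python sketch of the two checks this exchange turns on, namely whether two planned listeners claim the same IP address and port, and whether a single certificate would match every public name sharing one listener. The IP address 192.0.2.10 and all function names are assumptions, the listener data is constructed from the first post, and the overlap test is simplified to exact IP and port equality.

```python
from collections import defaultdict

# Constructed sample data modelled on the first post; the IP is a placeholder.
LISTENERS = [
    {"name": "mobile.domain.com", "ip": "192.0.2.10", "port": 443,
     "cert": "mobile.domain.com"},
    {"name": "repnet.domain.com", "ip": "192.0.2.10", "port": 443,
     "cert": "*.domain.com"},
]


def cert_covers(cert_name, host):
    """Return True if cert_name matches host.

    A leading '*' label stands for exactly one leftmost label, so
    '*.domain.com' matches 'mobile.domain.com' but neither 'domain.com'
    nor 'a.b.domain.com'. Partial wildcards such as 'f*.domain.com'
    are not handled and are compared literally.
    """
    cert_labels = cert_name.lower().split(".")
    host_labels = host.lower().split(".")
    if len(cert_labels) != len(host_labels):
        return False
    if cert_labels[0] == "*":
        return cert_labels[1:] == host_labels[1:]
    return cert_labels == host_labels


def overlapping_listeners(listeners):
    """Group listener names by (ip, port); return groups with more than one."""
    by_socket = defaultdict(list)
    for listener in listeners:
        by_socket[(listener["ip"], listener["port"])].append(listener["name"])
    return {sock: names for sock, names in by_socket.items() if len(names) > 1}


def uncovered_hosts(cert_name, public_names):
    """Public names that a shared listener's certificate would not match."""
    return [h for h in public_names if not cert_covers(cert_name, h)]


if __name__ == "__main__":
    names = [listener["name"] for listener in LISTENERS]
    print("Overlapping listeners:", overlapping_listeners(LISTENERS))
    for cert in ("mobile.domain.com", "*.domain.com"):
        print(cert, "does not cover:", uncovered_hosts(cert, names))
```
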
RE: 2006: Publish additional SSL site - run into proble... - 9.Jan.2007 6:44:56 PM
djmasters
Posts: 10
Joined: 25.Jan.2004
Status: offline
quote:
ORIGINAL: brigettabrannon
Hi, Our SSL environment started the same way. Here's the thing, if you're running a wildcard on ISA, you shouldn't need any other certs on ISA - this is when they're running on the same port, as in your case. This is if your "domain.com" is the same. Someone else may have additional information on this. But from what I've seen, you should be able to set your OWA rule to use the wildcard cert listener and get rid of the first listener. Hope this helps, it can get awfully confusing. Brigetta

That was kind of what I was thinking, but as I understand from reading the ISA2004 document on the subject, the wildcard cert may/will cause the Windows Smartphones to freak out, although the article was in reference to Windows Mobile 2003 phones. I do not know if Windows Mobile 5 phones have the same issue with the wildcard cert. If someone knows, please enlighten me.

*If* I'm understanding correctly, I should only have one listener per "port" for incoming traffic to direct it, and trying to have two HTTPS/SSL/443's is probably going to cause me undue stress!!
RE: 2006: Publish additional SSL site - run into proble... - 10.Jan.2007 9:45:58 AM
djmasters
Posts: 10
Joined: 25.Jan.2004
Status: offline
I just noticed that there are different groups for the different versions of ISA and I have posted a 2006 question in the 2004 group, I apologize. I'll take this to the right group.