I'm trying to set up an ISA 2006 machine in our DMZ for OWA. I have a Cisco 5510 as our firewall. No internal users will be using OWA; it's just for external users.
The ISA server is currently in a workgroup and attached to the internal network, not yet in the DMZ. It's being set up using the Single Network Adapter template.
Our internal domain name is xyz.local. My Exchange front-end server is named ExFE and sits in the internal network. We have a domain name registered for my company called abcd.org, and a static IP address for it at Register.com. I want my users to access email from outside by typing in https://mail.abcd.org.
When configuring the request for the certificate, what value do I enter for "Your Site's Common Name"? Do I use the Exchange front-end name (ExFE.xyz.local)? Do I put in mail.abcd.org? If so, how would it match anything in our network?
I've read this: "On the Your Site’s Common Name page, enter the common name of the site. The common name is the name that external and internal users will use to access the site. For example, if users will enter https://owa.msfirewall.org into the browser to access the OWA site, you would make the common name owa.msfirewall.org. In our current example, we will enter owa.msfirewall.org into the Common name text box. This is a critical setting. If you do not enter the correct common name, you will see errors when attempting to connect to the secure OWA site"
but I'm unsure as to how it would apply to me, as we have one name internally and another name externally.
Posts: 2244
Joined: 12.Apr.2004
From: Taylorville, IL
Status: offline
1. Make it a domain member or you are half wasting your time
2. The Common Name,...Public Name,...HostHeader,...FQDN are a bunch of words that effectively all mean the same thing. The Name is the FQDN that the users out in internet land are going to type into their browser to get to the OWA site.
3. You need to properly set up Split-DNS so that the FQDN resolves correctly to the LAN IP of the Exchange OWA machine. Throughout all the settings in the Publishing Rule you must identify the Exchange OWA machine by the same FQDN. Never ever ever identify it via an IP# or Netbios Name.
4. The certificate must be requested, purchased, installed at the Exchange OWA machine. Then afterwards export it from there as a PFX File with Private Key. Then import the PFX file into the Certificate Store on the ISA using the Certificates MMC.
< Message edited by pwindell -- 20.Dec.2011 12:12:49 PM >
It needs to be a domain member before the ISA software is installed. If not then you have to export the ISA config,...uninstall ISA,...join the machine,...install ISA,...import the config back in.
The ISA Installation routine needs to "see" the machine is a domain member while it is installing.
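Points 2 and 3 of the reply above can be checked mechanically before going live. The following is an added example, not part of the original thread: it takes the names listed on the certificate and the values typed into the publishing rule, then reports anything that is not the single public FQDN. The field labels and the address 192.0.2.10 are constructed for illustration, and the wildcard handling goes slightly beyond the case discussed in the thread.

```python
import ipaddress

def name_matches(cert_name: str, host: str) -> bool:
    """Case-insensitive match; '*' may stand only for the whole leftmost label."""
    c, h = cert_name.lower().rstrip("."), host.lower().rstrip(".")
    if c == h:
        return True
    if c.startswith("*."):
        # A wildcard covers exactly one label: *.abcd.org matches mail.abcd.org only.
        parts = h.split(".", 1)
        return len(parts) == 2 and parts[0] != "" and parts[1] == c[2:]
    return False

def classify(value: str) -> str:
    """Return 'ip', 'netbios' (single label) or 'fqdn' for a rule field value."""
    try:
        ipaddress.ip_address(value)
        return "ip"
    except ValueError:
        return "fqdn" if "." in value.strip(".") else "netbios"

def check_publishing(public_name, cert_names, rule_fields):
    """rule_fields maps an illustrative field label to the value entered in the rule."""
    problems = []
    if not any(name_matches(n, public_name) for n in cert_names):
        problems.append(f"certificate names {cert_names} do not cover {public_name}")
    for field, value in rule_fields.items():
        kind = classify(value)
        if kind != "fqdn":
            problems.append(f"{field}: {value!r} is of type {kind}; use {public_name}")
        elif value.lower() != public_name.lower():
            problems.append(f"{field}: {value!r} differs from {public_name}")
    return problems

# Constructed sample input using the names from the question.
GOOD = check_publishing("mail.abcd.org", ["mail.abcd.org"],
                        {"public name": "mail.abcd.org", "server target": "mail.abcd.org"})
BAD = check_publishing("mail.abcd.org", ["ExFE.xyz.local"],
                       {"public name": "mail.abcd.org", "server target": "ExFE",
                        "redirect target": "192.0.2.10"})

if __name__ == "__main__":
    print("good config:", GOOD or "no problems")
    for p in BAD:
        print("bad config:", p)
```

With Split-DNS in place, mail.abcd.org resolves to the Exchange machine's LAN address from the ISA server, so the rule never needs the internal name or an IP.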