Welcome to ISAserver.org
Client Certificates - 31.May2004 6:51:00 AM
bbroadfoot
Posts: 20
Joined: 23.Mar.2004
From: New Zealand
Status: offline
Currently have 2 rules (not running concurrently):
Rule 1: SSL Tunnelling via HTTPS and Client Certificates works fine, but there is no inspection in between (i.e. the Web Server has to handle authentication et al and nothing is examined by ISA - it lets the packet on through!)
Rule 2: SSL Bridging via HTTPS works fine, but as soon as I introduce Client Certificates into the equation it goes belly up - it appears to be a DNS issue although I am not completely sure - the client resolves the name of the site, but after that nothing much happens...
Anyone else had this problem? Does anyone else use Client Certificates against their web servers and if so, how have they got this implemented?
Any assistance or guidance would be much appreciated.
Regards, Bart
RE: Client Certificates - 31.May2004 8:13:00 PM
tshinder
Posts: 47663
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Bart,
Make sure the client certificate authentication takes place at the ISA firewall, then use a second form of authentication with the Web server itself.
HTH, Tom
RE: Client Certificates - 1.Jun.2004 12:45:00 AM
bbroadfoot
Posts: 20
Joined: 23.Mar.2004
From: New Zealand
Status: offline
Hi Tom,
Thanks for the reply. Unfortunately the web application relies on the information within the client certificate to dictate what areas of the application are available.
So it looks like an SSL Tunnel will be needed for this particular application. If I were to use an SSL Bridge and use a client certificate for ISA then the 'rules' above would not be met.
I'll just put this down as a 'limitation' of ISA, but it still rocks!
Thanks again for the prompt response.
Regards, Bart
RE: Client Certificates - 2.Jun.2004 12:29:00 AM
tshinder
Posts: 47663
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Bart,
No problem! But it's a limitation of any type of proxy bridging (termination and initiation), not an ISA firewall issue. But the SSL tunnel will solve the problem, but without the enhanced security of SSL to SSL bridging.
HTH, Tom
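
The limitation discussed in this thread, as an added illustration that is not part of any poster's message: a simplified model of how a TLS client certificate is proven by signing the handshake transcript. It assumes toy textbook RSA, constructed values and hypothetical function names. A proxy that terminates and re-initiates the session cannot reuse that proof toward the web server, whereas a tunnel leaves one end-to-end handshake.

```python
import hashlib
import os

# Toy textbook-RSA key built from two Mersenne primes: illustration only, not secure.
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # client's private exponent; never leaves the client


def transcript_hash(client_random, server_random, server_cert):
    """Digest of the handshake messages, reduced into the toy modulus."""
    h = hashlib.sha256(client_random + server_random + server_cert).digest()
    return int.from_bytes(h, "big") % N


def client_certificate_verify(client_random, server_random, server_cert):
    """Client proves possession of its key by signing the transcript it saw."""
    return pow(transcript_hash(client_random, server_random, server_cert), D, N)


def server_accepts(signature, client_random, server_random, server_cert):
    """Server checks the signature against its own view of the handshake."""
    return pow(signature, E, N) == transcript_hash(client_random, server_random, server_cert)


def tunnel():
    """Proxy only relays bytes: client and web server share one handshake."""
    cr, sr, cert = os.urandom(32), os.urandom(32), b"CN=web-server (constructed)"
    sig = client_certificate_verify(cr, sr, cert)
    return server_accepts(sig, cr, sr, cert)


def bridge():
    """Proxy terminates session A, then initiates session B to the web server."""
    cr_a, sr_a, cert_a = os.urandom(32), os.urandom(32), b"CN=proxy (constructed)"
    sig = client_certificate_verify(cr_a, sr_a, cert_a)
    proxy_ok = server_accepts(sig, cr_a, sr_a, cert_a)  # proxy can authenticate the client
    # Session B has fresh randoms and the web server's own certificate, so the
    # transcript differs; the proxy has no D and can only replay the old signature.
    cr_b, sr_b, cert_b = os.urandom(32), os.urandom(32), b"CN=web-server (constructed)"
    backend_ok = server_accepts(sig, cr_b, sr_b, cert_b)
    return proxy_ok, backend_ok


if __name__ == "__main__":
    print("tunnel: web server accepts client proof ->", tunnel())
    print("bridge: (proxy accepts, web server accepts) ->", bridge())
```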