
Welcome to ISAserver.org


Discussion of using a Wildcard Certificate in ISA2004 article

Discussion of using a Wildcard Certificate in ISA2004 a... - 1.Feb.2004 8:34:00 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
This thread is for discussing the Using a wildcard certificate in ISA2004 article at http://isaserver.org/tutorials/2004wildcardcert.html.

Thanks!
Tom

[ February 01, 2004, 08:43 PM: Message edited by: tshinder ]
Post #: 1
RE: Discussion of using a Wildcard Certificate in ISA20... - 1.Feb.2004 10:49:00 PM   
jide

 

Posts: 6
Joined: 30.Jan.2004
From: London
Status: offline
Hi Tom,

Good and informative information as always. But can you do the same thing on ISA 2000 or is this only possible with ISA2004?

Thanks.

Jide

(in reply to tshinder)
Post #: 2
RE: Discussion of using a Wildcard Certificate in ISA20... - 1.Feb.2004 10:54:00 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Jide,

Works great in ISA2000 too.

HTH,
Tom

(in reply to tshinder)
Post #: 3
RE: Discussion of using a Wildcard Certificate in ISA20... - 2.Feb.2004 3:59:00 AM   
willabr

 

Posts: 16
Joined: 19.Jan.2003
From: USA
Status: offline
Publishing Multiple Web Sites:

When I get to adding the second site (www) I do not have the "Create a new certificate" selection. I would have to remove the current certificate (owa) before I can create a new one. Is this correct or have I done something out of order?

Thanks

(in reply to tshinder)
Post #: 4
RE: Discussion of using a Wildcard Certificate in ISA20... - 2.Feb.2004 5:04:00 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Bruce,

The second site, which listens for "www.domain.com", is on a *different* Web server, not the same one as the OWA site. Check out the sample lab config to see that there are two Web servers in use. You can accomplish a similar thing with one Web server if you've created two virtual Web servers.

HTH,
Tom

(in reply to tshinder)
Post #: 5
RE: Discussion of using a Wildcard Certificate in ISA20... - 2.Feb.2004 3:40:00 PM   
andifur

 

Posts: 143
Joined: 25.Oct.2001
From: Eastern PA
Status: offline
This is great, but for audit reasons, we are not allowed to publish SSL sites with home grown certs.
Do you know if VeriSign or Thawte allow the creation of wildcard certs?

[ February 02, 2004, 03:40 PM: Message edited by: andifur ]

(in reply to tshinder)
Post #: 6
RE: Discussion of using a Wildcard Certificate in ISA20... - 2.Feb.2004 3:44:00 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Anthony,

Possibly. I know of less well-known public cert providers that do this, but the big boys probably would require an arm and a leg, since you pay per cert.

Tom

(in reply to tshinder)
Post #: 7
RE: Discussion of using a Wildcard Certificate in ISA20... - 2.Feb.2004 9:54:00 PM   
Linke Loe

 

Posts: 57
Joined: 1.Oct.2003
From: Utrecht, Netherlands
Status: offline
Hi Tom. I guess this would also work when you only have to publish the OWA-site?

For me it didn't. I followed all steps in your article except those for the second website. When I try to access my OWA-site I get the error message: 403 - Forbidden. The server denies the specified URL.

Thanks for the article though. Great work.

(in reply to tshinder)
Post #: 8
RE: Discussion of using a Wildcard Certificate in ISA20... - 2.Feb.2004 11:30:00 PM   
Linke Loe

 

Posts: 57
Joined: 1.Oct.2003
From: Utrecht, Netherlands
Status: offline
I've taken a closer look at what happens. I've monitored and logged my requests for my OWA-site and saw that every request I made was denied by the default firewall rule, which denies all traffic. This means that the firewall policy skips the firewall rule created by the web publishing wizard.

When I took a closer look at the firewall rule for the OWA publishing, I saw that the protocols allowed are HTTP and HTTPS, not 'HTTPS Server'. Could this be the problem?

(in reply to tshinder)
Post #: 9
RE: Discussion of using a Wildcard Certificate in ISA20... - 4.Feb.2004 3:56:00 PM   
Linke Loe

 

Posts: 57
Joined: 1.Oct.2003
From: Utrecht, Netherlands
Status: offline
I've run the article over again and suddenly, the publishing worked...

(in reply to tshinder)
Post #: 10
RE: Discussion of using a Wildcard Certificate in ISA20... - 9.Feb.2004 11:17:00 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Linke,

That's how it usually works for me [Smile]

Good to hear you got it working and thanks for the follow up!

Tom

(in reply to tshinder)
Post #: 11
RE: Discussion of using a Wildcard Certificate in ISA20... - 25.Feb.2004 7:28:00 PM   
i-have

 

Posts: 1
Joined: 25.Feb.2004
Status: offline
I have the following question about publishing the owa site on a different name than the internal domain name.
I followed the tutorial with the different name than the domain.
From the internet everything is working OK. But from the inside (firewall clients) I get an error:

The page cannot be displayed

I added the different name to my DNS server as a lookup zone and added the Exchange server to it. Now it only works when I turn off the firewall client.

Is there another way of doing this?

Already thanks!

i-have

(in reply to tshinder)
Post #: 12
RE: Discussion of using a Wildcard Certificate in ISA20... - 28.Feb.2004 3:20:00 AM   
gatorz

 

Posts: 17
Joined: 28.Feb.2004
Status: offline
When I go to select the cert in the new Web listener, it tells me there are no certificates configured on this server.
I have verified that the certificate is installed per the article.

Any ideas?

(in reply to tshinder)
Post #: 13
RE: Discussion of using a Wildcard Certificate in ISA20... - 19.Apr.2004 5:51:00 PM   
JamesD

 

Posts: 1
Joined: 19.Apr.2004
From: UK
Status: offline
Just a warning regarding Wildcard certificates... the successful validation (client-side) of SSL certificates is application dependent.

For example, using your PocketPC to browse a web site protected by a wildcard SSL certificate works fine..... however, if you publish Server ActiveSync using a wildcard SSL certificate, the client-side ActiveSync application will refuse to validate the server's certificate (unless certificate validation is disabled).

This has been confirmed as expected behaviour by Microsoft PSS.

So just beware, and double-check any non-browser apps before you shell out!

Cheers,
James.

(in reply to tshinder)
Post #: 15
RE: Discussion of using a Wildcard Certificate in ISA20... - 19.Apr.2004 7:33:00 PM   
paulbaldwin

 

Posts: 139
Joined: 2.Apr.2004
From: Lancashire, UK
Status: offline
Hi James,

You've got me there.

I've been using a wildcard certificate for OWA, OMA, RPC over HTTP, Sharepoint and Exchange ActiveSync! I used both SmartPhones and iPaqs running PocketPC 2002 (and 2003 I think).

What have Microsoft PSS been telling you?

(in reply to tshinder)
Post #: 16
RE: Discussion of using a Wildcard Certificate in ISA20... - 19.Apr.2004 8:25:00 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hey guys,

Paul is THE MAN when it comes to ISA and Smart Phone deployment. When he says it works, it DOES.

HTH,
Tom

(in reply to tshinder)
Post #: 17
RE: Discussion of using a Wildcard Certificate in ISA20... - 20.Apr.2004 11:22:00 AM   
paulbaldwin

 

Posts: 139
Joined: 2.Apr.2004
From: Lancashire, UK
Status: offline
Hi All,

Why do I feel like I'm hanging by a thread over an abyss when Tom says something like that?

James is pretty well correct! [Embarrassed]

In my post I said "2003 I think" because I had no-one running it at the time -- but I had to check and:

Windows Mobile 2003 does not support wildcard certificates! Both ActiveSync and Pocket IE will complain about the common-name on the certificate not matching the site name.

Yet PPC2002 works fine.

Drat; caught with my trousers down... again!

(in reply to tshinder)
Post #: 18
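
Added example (not part of any post in this thread): a pre-deployment check that compares how a wildcard-aware client and an exact-match-only client would judge a wildcard certificate against the published host names, which is the difference posts #15 and #18 describe. The matching rules and the sample names are assumptions made for illustration; they model the two behaviours and are not taken from any specific client's code.

```python
def wildcard_match(pattern: str, hostname: str) -> bool:
    """Wildcard-aware comparison of a certificate name and a host name.

    Assumed rules: case-insensitive, '*' is accepted only as the whole
    left-most label, and it stands for exactly one label.
    """
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels) or "" in h_labels:
        return False
    if "*" in "".join(p_labels[1:]):
        return False  # wildcard outside the left-most label
    if p_labels[0] == "*":
        # Require at least two fixed labels, so '*.com' never matches.
        return len(p_labels) >= 3 and p_labels[1:] == h_labels[1:]
    if "*" in p_labels[0]:
        return False  # partial wildcard such as 'w*.domain.com'
    return p_labels == h_labels


def exact_match(pattern: str, hostname: str) -> bool:
    """Model of a client without wildcard support: literal comparison."""
    return pattern.lower().rstrip(".") == hostname.lower().rstrip(".")


def audit(cert_names, published_hosts):
    """Return {host: (ok_for_wildcard_clients, ok_for_exact_only_clients)}."""
    return {
        host: (
            any(wildcard_match(name, host) for name in cert_names),
            any(exact_match(name, host) for name in cert_names),
        )
        for host in published_hosts
    }


# Constructed sample data, following the thread's "www.domain.com" naming.
CERT_NAMES = ["*.domain.com"]
PUBLISHED = ["owa.domain.com", "www.domain.com", "domain.com",
             "mail.owa.domain.com"]

if __name__ == "__main__":
    for host, (wild_ok, exact_ok) in audit(CERT_NAMES, PUBLISHED).items():
        print(f"{host:22} wildcard-aware={wild_ok!s:5} exact-only={exact_ok}")
```

Any host that shows False in the exact-only column needs its own certificate name if clients without wildcard support must reach it with validation enabled.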
RE: Discussion of using a Wildcard Certificate in ISA20... - 20.Apr.2004 11:40:00 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Paul,

LOL! Been there myself a few times [Wink]

Keep up the good work!

Tom

(in reply to tshinder)
Post #: 19
RE: Discussion of using a Wildcard Certificate in ISA20... - 23.Apr.2004 2:03:00 AM   
Guest
I am having the same problem as gatorz posted. Any ideas?

Thanks!

---------------------------------

>gatorz
>posted February 28, 2004 03:20 AM
>--------------------------------
> When i go to select the cert in the new Web listener, it tells me there are no certificates configured on this server
> i have verified that the certificate is installed per the article
>
> any ideas

(in reply to tshinder)
  Post #: 20
