Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

ISA & Tomcat question

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2004 General ] >> Web Publishing >> ISA & Tomcat question Page: [1]
Login
Message << Older Topic   Newer Topic >>
ISA & Tomcat question - 14.Dec.2006 5:23:57 PM   
tatavarthi

 

Posts: 4
Joined: 14.Dec.2006
Status: offline 		Can ISA 2004 do SSL Bridging with tomcat/apache webserver? Or does ISA work with only IIS?

Thanks,
Sreedhar
Post #: 1
RE: ISA & Tomcat question - 14.Dec.2006 6:18:42 PM   
ClintD

 

Posts: 1833
Joined: 26.Jan.2001
From: Keller, TX
Status: offline 		Yes, ISA can bridge requests to Apache w/ Tomcat - I have quite a few systems like this at work (as well as Apache w/ WebLogic, WebLogic directly, WebSphere, etc...)

SSL bridging works fine as well - just remember, no wildcard cert on the internal SSL  session with ISA 2004 (from ISA to Apache/Tomcat). This works OK with ISA 2006 though.

(in reply to tatavarthi)
Post #: 2
RE: ISA & Tomcat question - 14.Dec.2006 6:24:58 PM   
tatavarthi

 

Posts: 4
Joined: 14.Dec.2006
Status: offline 		Can you provide me any instructions on how to do this? Any pointers are greatly appreciated.

Thanks,
Sreedhar

(in reply to ClintD)
Post #: 3
RE: ISA & Tomcat question - 14.Dec.2006 7:10:08 PM   
ClintD

 

Posts: 1833
Joined: 26.Jan.2001
From: Keller, TX
Status: offline 		Just run through the Web Publishing Rule wizard - it's really pretty simple. Just report back with any problems.

(in reply to tatavarthi)
Post #: 4
RE: ISA & Tomcat question - 15.Dec.2006 4:38:04 AM   
vsengmany

 

Posts: 3
Joined: 24.Jun.2004
Status: offline 		hi,

I don't use apache web server but only the tomcat web server. Is there any difference for isa publising ?

Regards,

(in reply to ClintD)
Post #: 5
RE: ISA & Tomcat question - 15.Dec.2006 12:37:29 PM   
ClintD

 

Posts: 1833
Joined: 26.Jan.2001
From: Keller, TX
Status: offline 		None that I've seen.

(in reply to vsengmany)
Post #: 6
RE: ISA & Tomcat question - 16.Dec.2006 2:32:17 PM   
tatavarthi

 

Posts: 4
Joined: 14.Dec.2006
Status: offline 		I did try using the Rule Wizard. The issue I am having is that the certificate request was generated in a Java Key Store. Java Keystore can give me an exported certificate and a private key, but only as two different files. So there is no option to export a private key in to the certificate as a single file.

Tom Shinders book talks about making sure to include private key in to the certificate. I did import the certifacte from Java Keystore, but I was not succesful in setting up the publishing rule (may be because there is no private key)

Is there a way to import a private key alone in to ISA server machine key store? (Since I can get the private key from JKS as a seperate file)

Thanks,
Sreedhar


(in reply to ClintD)
Post #: 7
RE: ISA & Tomcat question - 17.Dec.2006 9:27:23 AM   
tatavarthi

 

Posts: 4
Joined: 14.Dec.2006
Status: offline 		I fugured out a programmatic way to convert keystore entries stored in JKS(Java proprietary format) to PKCS12 format. Will post again once I get the web publishing rule up and running.

Sreedhar

(in reply to tatavarthi)
Post #: 8
RE: ISA & Tomcat question - 21.Dec.2006 11:29:19 AM   
remjr1us

 

Posts: 4
Joined: 7.May2004
From: Texas
Status: offline 		ClintD,

I'm troubleshooting a issue getting a pair of Weblogic servers to work from behind my ISA 2004 (as published websites).  Simple .html works fine, just not Weblogic redirects.  Would you be interested in helping$ (I'm in Dallas).

EarlM
earl.mitchell@freemanco.com

(in reply to ClintD)
Post #: 9
RE: ISA & Tomcat question - 9.Jan.2007 5:11:20 PM   
sallyb

 

Posts: 7
Joined: 1.Aug.2006
Status: offline 		Hi

I am having a similar problem. I have ISA 2004 and am using OWA with a certificate and listener. All fine. I've also published other secure sites on the same IP address.
Now due to an update problem on an application the work around to access a website is to use tomcat rather than IIS. The website works internally on
http://localhost:8888/eportal/index.jsp also on http://servername:8888/eportal/index.jsp

I can't get the webpublishing rule to work externally. I get through to the OWA page, then onto the application login page then authenication fails. How can I be sure I am redirecting to the right port.
I've added port 8888 onto the bridging tab

Thanks in advance

Sally

(in reply to tatavarthi)
Post #: 10
RE: ISA & Tomcat question - 5.Jun.2007 8:28:19 AM   
KathleenNetEng

 

Posts: 1
Joined: 5.Jun.2007
Status: offline 		I was looking for the answer to the same question, how to convert a keystore file into PKCS12 format and have the answer finally.  I am posting it here as reference for everyone else trying to publish Apache Tomcat behind an ISA server. 

First, download Java JDK from http://java.sun.com/javase/downloads/index.jsp.  It will install some tools you will need in the bin file.  From the command prompt, browse to the bin directory.  The command looks like:

keytool -importkeystore -srckeystore [path to your keystore file] -destkeystore [path to the .p12 file you want to create] -deststoretype pkcs12

It will prompt you for a password for the new keystore (the pkcs12 package you're creating) and a confirmation of that password.  Then it will prompt you for the password of the original keystore.  If you get a Success message then you should have your pkcs12 package which you can install on the ISA Server in order to publish HTTPS to your Apache Tomcat server.

Kathleen

(in reply to sallyb)
Post #: 11
RE: ISA & Tomcat question - 8.Jun.2007 8:48:24 PM   
Jason Jones

 

Posts: 2154
Joined: 30.Jul.2002
From: United Kingdom
Status: offline 		Nice tip Kathleen!

_____________________________

Jason Jones (MVP)

Silversands Limited http://www.silversands.co.uk
My Blog: http://blog.msfirewall.org.uk/

Get our NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8

(in reply to KathleenNetEng)
Post #: 12
RE: ISA & Tomcat question - 15.Jun.2007 6:23:31 AM   
roddymatheson

 

Posts: 3
Joined: 15.Jun.2007
Status: offline 		I am trying to publish by JBoss website (which uses Tomcat for serving the pages) though ISA2004 (SBS2003Pro) but there is some strange behaviour.

I'm not using SSL at this stage as I want to getit working properly with http first. When I publish the internal JBoss site in ISA using 'All Users' there is no problem logging on to the JBoss website (using its own login page). But if I change the web publishing rule to use 'Authenticated Users', this stops working. The user is asked to enter network credentials as expected and this is fine, but when trying to log in to the JBoss site after authentication the user is told his login is incorrect.

Any ideas - the JBoss site works perfectly internally and when not using Authenticated access through ISA but turn Authenticated access on and it stops working.

(in reply to tatavarthi)
Post #: 13
RE: ISA & Tomcat question - 18.Jun.2007 12:05:46 PM   
roddymatheson

 

Posts: 3
Joined: 15.Jun.2007
Status: offline 		I'm guessing this is really a new subject so I'm going to start a new thread for it.

(in reply to roddymatheson)
Post #: 14

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2004 General ] >> Web Publishing >> ISA & Tomcat question Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts