Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Publishing MS Cert to External

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA 2006 Publishing] >> Web Publishing >> Publishing MS Cert to External Page: [1]
Login
Message << Older Topic   Newer Topic >>
Publishing MS Cert to External - 17.Oct.2008 10:50:36 AM   
jpluim

 

Posts: 10
Joined: 31.May2007
Status: offline 		ISA 2006 Standard
Windows 2003 R2 SP2
I am trying to publish our MS Cert server so that our remote users can obtain a user cert.  Following this document: http://www.isaserver.org/img/upl/vpnkitbeta2/pubwebenroll.htm
Right now it is just HTTP to get the basics working. Works internally, internal DNS points directly to the cert server. ISA server can reach this server too.
 
Problem is when I try to connect to this from the outside world I keep getting
Error Code: 403 Forbidden. ISA Server is configured to block HTTP requests that require authentication. (12250)
The web rule authentication delegation is No delegation, but client may authenticate directly. For Authenticated Users. Listener is set to integrated authentication.  
 In the logs it shows failed connection attempt, shows my cert rule and client is anonymous.
 
No matter what authentication options I select I cannot get a prompt to put a username and password.  
 
Any Ideas?
Post #: 1
RE: Publishing MS Cert to External - 17.Oct.2008 11:33:38 AM   
IanC

 

Posts: 237
Joined: 11.Jul.2007
From: UK
Status: online 		ISA Server is blocking these HTTP requests to prevent credentials being trasmitted in the clear.  The checkbox an is an advanced option on the Authentication tab.  But rather than enable this insecure option, you should configure an SSL listener instead.

Ian

_____________________________

Ian Currie

http://www.curriecomputing.com

Approved supplier - nAppliance(UK)
http://www.apdh64.dsl.pipex.com/currie/products.html
ISA Server 2006 SP1 3-day workshop
http://www.apdh64.dsl.pipex.com/currie/learning.html

(in reply to jpluim)
Post #: 2
RE: Publishing MS Cert to External - 17.Oct.2008 12:18:20 PM   
Jason Jones

 

Posts: 2254
Joined: 30.Jul.2002
From: United Kingdom
Status: online 		Also, don't forget about access to AIA and CRL information for external users so that they can validate the CA chain and access CRLs to check revocation information.

Cheers

JJ

_____________________________

Jason Jones (MVP)

Silversands Limited http://www.silversands.co.uk
My Blog: http://blog.msfirewall.org.uk/

Get our NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8

(in reply to IanC)
Post #: 3

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA 2006 Publishing] >> Web Publishing >> Publishing MS Cert to External Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts