Welcome to ISAserver.org

Publishing using two different certificates

Users viewing this topic: none

Logged in as: Guest

Printable Version

All Forums >> [ISA 2006 Publishing] >> Web Publishing >> Publishing using two different certificates

Page: [1]

Message

<< Older Topic Newer Topic >>

Publishing using two different certificates - 6.Oct.2008 8:55:55 AM

Pete89

Posts: 12
Joined: 20.Aug.2008
Status: offline

Hello everyone!!

I have published this drawing:

Drawing of Network

So as to save a little brain time as to what I am doing.

What I want to do:

1. Keep the production apps (OWA, Active Sync, Sharepoint, Outlook RCP over https) published on the mISA where they are now until I am ready to make the switch to the Portal that is located on the mIAG.

2. Have the portal up and ready before I get rid of the http listeners on the mISA.

I have read that I can only have one certificate per public IP. Currently the mISA box uses one certificate for the OWA, RCP over https, active sync and Sharepoint. We have another 3 public IPs for use if I need them. They are all in the same subnet.
I know I need to use another public IP if I want to use the certificate I have for the portal. The mISA device has 6 interfaces and I have three in use so far.

Also I have read that I could bind two IPs to the same interface.

Questions:

So what are my choices? Best way of doing what I want to do?

If I put one of the public IPs on another interface wont the OS complain that I already have an interface with an IP in the same subnet?

I have never bound two IPs to one interface. Is that an OS process or something in ISA?

Thanks for all the help you may be able to give,

Pete
Granada Spain

Post #: 1

Featured Links*

RE: Publishing using two different certificates - 6.Oct.2008 5:20:24 PM

paulo.oliveira

Posts: 820
Joined: 3.Jan.2008
From: Amazonas, Brazil
Status: offline

Hi Pete,

you can bind more than one IP address on the same interface. I guess now you can think how to accomplish what you want.

Regards,
Paulo Oliveira.

(in reply to Pete89)

Post #: 2

RE: Publishing using two different certificates - 7.Oct.2008 4:04:01 AM

Pete89

Posts: 12
Joined: 20.Aug.2008
Status: offline

OK I changed the topology to this:

New Network

I set up a HTTPS listener for the new public IP and changed both Listener Properties Networks to the repective public IP instead of the <ALL IP addresses> in the rule sets.

And from the outside I can now get to the Portal and I am getting close to what I want, but a few users on the LAN are getting an error while browsing:

Error Code 12206: Proxy chain loop

So I looked into the Alerts on the mISA and sure enough there are two errors.

1. Routing (chaining) failure
ISA Server detected a proxy server loop. There may be a problem in the configuration of the ISA Server Web chaining policy.

2. Link Translation Configuration Insecure. And then it goes on to say that all the https listeners are not https anymore and simply http.

What happened?? I surely did not want to disable https on those web apps and when you come in from the outside it stays https, so that may be a false error but something is up no?

(in reply to paulo.oliveira)

Post #: 3