Welcome to ISAserver.org
Forums |
Register |
Login |
My Profile |
Inbox |
RSS 
|
My Subscription |
My Forums |
Address Book |
Member List |
Search |
FAQ |
Ticket List |
Log Out
SSL Bridging (NEWb warning)
|
Users viewing this topic:
none
|
Logged in as: Guest
|
Login  | |
|
SSL Bridging (NEWb warning) - 28.Feb.2007 3:32:30 PM
|
|
|
ofeefee
Posts: 30
Joined: 19.Jan.2007
Status: offline
|
Alright, I'll try to be clear for what I'm doing, because it doesn't seem to fit any of the walkthroughs I have read.
If I just use webinside.site.com -> webinside.site.com, I can just export the cert from webinside.site.com and use it correct?
However, I want to use a different external name.
Such that the internal server is https://webinside.site.com. External published site is http://weboutside.site.com. What certs do I need to make or import?
<edit>
If I want to do just https -> http to a server, how do I get the cert for the ISA https part, make a fake server with the name I want and then request the cert using the SSL procedure.
<edit2>
I have a cert now I created on a fake IIS server for the weboutside.site.com address. I'm running EE with 4 array members, where do I install the certs, on each array member?
<edit3>
I have setup HTTPS -> ISA -> HTTP -> server and this works without issues, however, if I try HTTPS -> ISA -> HTTPS -> server it doesn't do anything. Do I need to do anything in ISA so it can login as a SSL client to the server? The server is using a verisign or gte cybertrus cert, so it should be able to login without issues? There is an option as use this cert to connect to the server, but shouldn't it just use normal client certs?
So I have https://webexternal.site.com going to https://webinternal.site.com, the external site cert appears to be working because if I use http://webinternal.site.com/ it works, but if i redirect to ssl, https://webinternal.site.com it fails.
Any hints?
Appears to not be an issue with ISA, because I swapped out the intenral https site with another https site, and it comes right up, the site I'm trying to get to is configured with a frontend cisco CSM/SSL load balancer, I suppose it's doing something with the traffic. Started a new post...
< Message edited by ofeefee -- 2.Mar.2007 2:45:30 PM >
_____________________________
Google is your friend!
|
|
|
|
|
RE: SSL Bridging (NEWb warning) - 4.Mar.2007 12:28:25 PM
|
|
|
tshinder
Posts: 47659
Joined: 10.Jan.2001
From: Texas
Status: offline
|
Cisco makes great routers and switches, but they're total dopes when it comes to anything higher than layer 3. You're guaranteed much pain if you continue to use the Cisco device in front of the ISA Firewall for SSL bridging scenarios.
HTH,
Tom
_____________________________
Thomas W Shinder, M.D.
Sr. Consultant/Technical Writer
Prowess Consulting http://www.prowessconsulting.com/
Blog: http://blogs.isaserver.org/shinder/
GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8
|
|
|
|
|
RE: SSL Bridging (NEWb warning) - 4.Mar.2007 1:12:25 PM
|
|
|
mylo
Posts: 138
Joined: 26.Mar.2002
Status: offline
|
Actually Tom, from the description, I think in this case it's the CSM behind the ISA ...I've not seen this before.. Ofeeefee can you clarify this is what you are trying to do
Client---->ISA--->CSM-->Web Server
HTTPS-->ISA--->HTTPS-->Web Server
Have you installed the Root CA certificate in the CSM?
Regards,
Mylo
|
|
|
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
 Locked w/ New Messages |
 Locked w/o New Messages |
|
 Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts |
|
Printable Version
