• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Trihomed DMZ and Web site publishing

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA 2006 Firewall] >> DMZ >> Trihomed DMZ and Web site publishing Page: [1]
Login
Message << Older Topic   Newer Topic >>
Trihomed DMZ and Web site publishing - 14.Oct.2010 4:07:24 AM   
neilbarker

 

Posts: 43
Joined: 18.Jan.2010
Status: offline
I am running ISA 2006 in a Trihomed DMZ fashion. I have one website published and using an SSL certificate.

The website is https://www.neilsupport.com and the certificate has the same name. All is working on this site. www.neilsupport.com resolves to 77.88.99.123 and the internal webserver is 11.1.0.1

I want to add another website on a separate webserver 11.1.0.2 called https://test.neilsupport.com which I have setup a DNS record on 77.88.99.124


My router is 77.88.99.1 and I have 4 external IP addresses, 2 as per above.

My question is can I use the same certificate for SSL connections to the second website as I have on my first site or do I need a new certificate?

Thanks in advance
Post #: 1
RE: Trihomed DMZ and Web site publishing - 17.Oct.2010 11:13:04 AM   
pwindell

 

Posts: 2244
Joined: 12.Apr.2004
From: Taylorville, IL
Status: offline
No.  You would need a new Cert for "test.neilsupport.com".  The spellings have to match exactly.

The other option is to use a Wild Card Certificate for "*.neilsupport.com"

An additional option os one of the other Certs designed for multiple sites that have a list of allowed sites within them.  I think they are called SAN Certificates, but I'm unsure,...I've always had a mental block for some reason on what they are called,..must be genetic or something.

_____________________________

Phillip Windell

(in reply to neilbarker)
Post #: 2
RE: Trihomed DMZ and Web site publishing - 17.Oct.2010 11:30:23 AM   
neilbarker

 

Posts: 43
Joined: 18.Jan.2010
Status: offline
Hi Phillip,

Thanks for the reply, I thought as much.

I have now got a certificate for the test.neilsupport.com domain and have been trying to install it on the ISA server to use with a new web listener to point incoming traffic to the correct web server.

I do however have a problem whereby the certificate is not valid for selection when I try to use it. The original certificate is valid so I must have done it right for the first webserver but not for the second.

I have installed the new cert on the ISA server so what am I missing?

I did the cert request from the actual web server and not the ISA server. COuld that be the problem?

Thanks in advance.

Neil

(in reply to pwindell)
Post #: 3
RE: Trihomed DMZ and Web site publishing - 18.Oct.2010 9:13:56 AM   
pwindell

 

Posts: 2244
Joined: 12.Apr.2004
From: Taylorville, IL
Status: offline
The request is done at the web server and it is installed on the web server first.  Then export it at the web server as a PFX file with private key.  Copy the file to the ISA/TMG and import it into the store.

_____________________________

Phillip Windell

(in reply to neilbarker)
Post #: 4
RE: Trihomed DMZ and Web site publishing - 18.Oct.2010 9:28:13 AM   
neilbarker

 

Posts: 43
Joined: 18.Jan.2010
Status: offline
Thanks Phil, I thought that might be the case when the ISA server was moaning about the cert there was an error denoting invalid private key.

I exported from the web server and imported on the ISA server and all is now working.

Many thanks,
Neil

(in reply to pwindell)
Post #: 5
RE: Trihomed DMZ and Web site publishing - 21.Oct.2010 9:11:30 AM   
pwindell

 

Posts: 2244
Joined: 12.Apr.2004
From: Taylorville, IL
Status: offline
Very good Neil, glad it worked out.


_____________________________

Phillip Windell

(in reply to neilbarker)
Post #: 6

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA 2006 Firewall] >> DMZ >> Trihomed DMZ and Web site publishing Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts