• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

What could happen if ISA doesn't trust the CA?

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA 2006 Publishing] >> Web Publishing >> What could happen if ISA doesn't trust the CA? Page: [1]
Login
Message << Older Topic   Newer Topic >>
What could happen if ISA doesn't trust the CA? - 13.Apr.2009 10:32:48 AM   
soimer

 

Posts: 10
Joined: 9.Apr.2007
Status: offline
We know that when ISA publishes an HTTPS site, in the listerner we need to specify a certificate for the site, and this certificate should be issued for this site by a trusted CA.
We also know that if the certificate on the listener is not issued by a trusted CA, when the client access the site through reverse proxy, it will get a warning - 'The security certificate presented by this website was not issued by a trusted certificate authority.'  However, user can still continue by ignoring this message.
What will happen if ISA server itself doesn't trust the CA?
Both end, the web server and the client, trust the CA who issued the certificate for the website.  But for some reason, like root certificates have not been updated, the middleman - ISA does not trust the CA who issued the certificate that ISA imported to its local store.
Will ISA server try to update its root certificates if it can or cannot reach the Internet?  Will there be any other backend traffic trying to fix this, and eventually slow the whole publish process?

Thanks.
Post #: 1
RE: What could happen if ISA doesn't trust the CA? - 13.Apr.2009 10:57:07 AM   
paulo.oliveira

 

Posts: 3472
Joined: 3.Jan.2008
From: Amazon, Brazil
Status: offline
Hi,

if ISA does not trust the CA youŽll not be able to bind the certificate to the web listener.

ISA will check the CRL with the RootCA. Check this: Unable to Logon Using Forms Base Authentication through ISA Server 2006


Regards,
Paulo Oliveira.

(in reply to soimer)
Post #: 2

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA 2006 Publishing] >> Web Publishing >> What could happen if ISA doesn't trust the CA? Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts