Welcome to ISAserver.org


Wildcard Certificates and ISA Web Publishing (including OWA)

Wildcard Certificates and ISA Web Publishing (including... - 13.Dec.2007 8:19:16 AM   
isa_jas

 

Hi,

I have read the article "Publishing Multiple Web Sites using a Wildcard Certificate in ISA Server 2004" and successfully set up my internally hosted websites using the wildcard certificate on the ISA server (ISA 2000) and an internally generated fully qualified domain name (FQDN) certificate on my internal web servers.

My questions are:

1) The article and posts on this site explain that you cannot use the wildcard certificate on the internal web servers, but I cannot find a good explanation as to why. Other articles such as "Solving the Dreaded "500 Internal Server Error – The target principal name is incorrect" Error" explain what is going on with regards to mismatched certificates and FQDN, but why does the use of the wildcard certificate at both the ISA and web server not work?

2) Has anything changed in ISA 2006? Does the same limitation exist? (And if so, will this issue probably always be the case with regards to ISA and wildcard certificates?)

3) Also, I have a question about wildcard certificates, ISA and Windows Mobile. I understand from a post that "Windows Mobile 2003 does not support wildcard certificates! Both ActiveSync and Pocket IE will complain about the common-name on the certificate not matching the site name." Does this hold true for Windows Mobile 5? And how about Windows Mobile 6? (when used with ISA 2006 - or previous versions of ISA for that matter)

Thanks for your help. I would like to get these last questions answered before upgrading our ISA server.

John
Post #: 1
RE: Wildcard Certificates and ISA Web Publishing (inclu... - 13.Dec.2007 8:20:26 PM   
Jason Jones

 

Hi John,

ISA2k4 => can use a wildcard cert on its listeners, but CANNOT publish a back-end web server that is using a wildcard cert

ISA2k6 => can use a wildcard cert on its listeners, and CAN publish a back-end web server that is using a wildcard cert

In 2k4 there was no way of separating the host header name and the "To" name, e.g. you needed to put *.domain.com in the To field, but ISA then couldn't resolve this to a proper destination. ISA2k6 changed this so you now have separate options for these, so you can define both *.domain.com and an associated destination name or IP address.

You need Windows Mobile 6 to be able to use wildcard certificates as 5 didn't support this feature.

Hope this helps clear things up...

Cheers

JJ

< Message edited by Jason Jones -- 14.Dec.2007 7:09:18 AM >


_____________________________

Jason Jones (MVP)

Silversands Limited http://www.silversands.co.uk
My Blog: http://blog.msfirewall.org.uk/

Get our NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8

(in reply to isa_jas)
Post #: 2
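
An added example, not part of either post and not ISA Server's own logic: a Python sketch of the usual wildcard name-matching rule (RFC 6125 style, assumed here), checking whether the name a publishing rule uses toward the back-end server is covered by that server's certificate. The function names and the sample names under domain.com are constructed for illustration.

```python
def name_matches(pattern: str, hostname: str) -> bool:
    """Wildcard match as commonly implemented (assumption: RFC 6125 style).

    '*' is honoured only as the entire leftmost label and stands for
    exactly one label, so *.domain.com covers owa.domain.com but not
    domain.com or a.b.domain.com.
    """
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        # Conservative choice: refuse patterns as broad as *.com
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def backend_name_check(to_name: str, cert_names: list) -> tuple:
    """Check the name a publishing rule sends to the back-end server
    against the names in that server's certificate.

    Returns (ok, reason). A failure here corresponds to the name
    mismatch behind the "target principal name is incorrect" error.
    """
    if "*" in to_name:
        # The ISA 2004 situation described in the reply: a pattern in
        # the To field is not something that can be resolved to a host.
        return False, "To name is a pattern, not a resolvable host name"
    for name in cert_names:
        if name_matches(name, to_name):
            return True, "covered by " + name
    return False, "no certificate name covers " + to_name


if __name__ == "__main__":
    # Constructed sample rules: (To name, names on the back-end certificate)
    samples = [
        ("owa.domain.com", ["*.domain.com"]),
        ("*.domain.com", ["*.domain.com"]),
        ("exch01", ["*.domain.com"]),
        ("a.b.domain.com", ["*.domain.com"]),
        ("owa.domain.com", ["owa.domain.com"]),
    ]
    for to_name, names in samples:
        ok, reason = backend_name_check(to_name, names)
        print(f"{to_name:16} {'OK  ' if ok else 'FAIL'} {reason}")
```
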
