Yet another SSL and web publishing question.
Yet another SSL and web publishing question. - 19.Sep.2003 10:02:00 PM
georgef
Posts: 6
Joined: 6.Jan.2003
From: Cuyahoga Falls, Ohio, USA
Status: offline
I want to get my ducks all in a row before I get started.
Here's the scenario:
I have ISA Server on a Win2K box with one external IP. This also runs IIS 5 and hosts our public web site. We have our public ftp site on another Win2K server on the internal domain and host a SQL Server web application for a customer on yet another internal Win2K server.
Just for example, let's say our domain is xyz.com.
When someone from the outside accesses www.xyz.com, they are redirected to our public website on the ISA server.
When they access ftp.xyz.com, they are redirected to the internal ftp server.
When they access utopia.xyz.com, they are redirected to the web application on the SQL Server box.
Everything works wonderfully, but what I want to do is add SSL encryption to the requests for utopia.xyz.com from external clients since the client could be accessing sensitive information. I don't want requests from external clients to be encrypted when they access www.xyz.com (public website) or ftp.xyz.com (public ftp site).
I will be getting a Thawte certificate and I want the SSL connection terminated at the ISA server: requests to and from the SQL Server web application from clients on the internal LAN are not encrypted but anything coming in/going out through the ISA Server between utopia.xyz.com and the internet needs to be encrypted.
I kinda sorta maybe think I know what to do. Then I read an article on the subject and get myself all confused... tunneling, bridging, certificate servers, Enterprise Root CA, standalone Root CA, public keys, private keys, client certificates, server certificates... I can feel my shorts starting to bunch up.
I'm assuming that when I apply for the Thawte certificate, I use utopia.xyz.com as the common name. When I receive the certificate, I install the certificate on the server hosting the web application. Then I export the certificate from that system and import the certificate on the ISA server. Or do I just install the certificate on the ISA server initially since it will be responding to web requests for utopia.xyz.com and doing the authentication and redirection?
In the ISA Server MMC, I enable SSL listeners for incoming web requests and in the web publishing rule for the SQL web app redirection, I set SSL requests to be redirected to http.
But I think I'm missing something. Where do I tell ISA Server which certificate to use?
Thanks in advance!
George [ September 19, 2003, 10:06 PM: Message edited by: georgef ]
RE: Yet another SSL and web publishing question. - 21.Sep.2003 11:43:00 PM
tshinder
Posts: 47490
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi George,
Get that web site OFF the firewall, then we can get you fixed up, no problem.
HTH, Tom
RE: Yet another SSL and web publishing question. - 23.Sep.2003 4:17:00 PM
JohnS
Posts: 71
Joined: 10.Aug.2001
Status: offline
Hi Georgef,
Tom is right. But as I understood, your web site utopia.xyz.com runs on a separate w2k box and you do web publishing with the FQDN utopia.xyz.com? Correct? If that's a correct statement, then you should generate a certificate request on your application's web server, install the obtained certificate on the same web server, export the certificate and install it on the ISA box. When you configure the listener for incoming web requests on the ISA server, you should select the imported certificate.
And look into Tom's book; you'll find answers to questions related to Web publishing under SSL.
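
The export and import step described in the reply above only lets the firewall terminate SSL if the exported file carries the private key and the certificate name matches the published FQDN. The following is an added example, not part of the thread: it uses OpenSSL as a stand-in for the IIS certificate wizard and the Windows export dialog, a self-signed certificate in place of the CA's reply, and constructed file names and a constructed password.

```shell
#!/bin/sh
# Added example: OpenSSL stands in for the IIS wizard and the Windows export.
# File names and the password are constructed for the demo.
FQDN="utopia.xyz.com"
PASS="constructed-demo-pass"

# Key + CSR as generated on the web server; self-signing replaces the CA reply.
make_demo_cert() {
  openssl req -newkey rsa:2048 -nodes -keyout "$1/web.key" \
    -out "$1/web.csr" -subj "/CN=$FQDN" 2>/dev/null &&
  openssl x509 -req -in "$1/web.csr" -signkey "$1/web.key" \
    -days 30 -out "$1/web.crt" 2>/dev/null
}

# Export including the private key: what the SSL-terminating box needs.
export_with_key() {
  openssl pkcs12 -export -inkey "$1/web.key" -in "$1/web.crt" \
    -out "$1/with-key.pfx" -passout "pass:$PASS"
}

# Export of the certificate alone: imports cleanly but cannot terminate SSL.
export_cert_only() {
  openssl pkcs12 -export -nokeys -in "$1/web.crt" \
    -out "$1/cert-only.pfx" -passout "pass:$PASS"
}

# Succeeds if the PKCS#12 file contains a private key.
pfx_has_private_key() {
  openssl pkcs12 -in "$1" -nocerts -nodes -passin "pass:$PASS" 2>/dev/null |
    grep -q "PRIVATE KEY"
}

# Succeeds if the certificate in the PKCS#12 file is valid for host name $2.
pfx_matches_host() {
  openssl pkcs12 -in "$1" -nokeys -passin "pass:$PASS" 2>/dev/null |
    openssl x509 -noout -checkhost "$2" 2>/dev/null | grep -q "does match"
}

demo() {
  d=$(mktemp -d) || return 1
  make_demo_cert "$d" && export_with_key "$d" && export_cert_only "$d" || return 1
  for f in with-key cert-only; do
    if pfx_has_private_key "$d/$f.pfx"; then k=yes; else k=no; fi
    if pfx_matches_host "$d/$f.pfx" "$FQDN"; then h=yes; else h=no; fi
    echo "$f.pfx: private key=$k, matches $FQDN=$h"
  done
  rm -rf "$d"
}
demo
```

Running both checks on the exported file before importing it on the firewall catches the two usual causes of a certificate that installs but cannot be used by the listener.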