Web publishing rule:
Action: Allow
From: Anywhere
To: 192.168.0.25 (internal webserver IIS 6) Forward original host header enabled, requests from original client
Traffic: HTTPS HTTP Listener: 'ExListener1' bound to 1 specific external IP, HTTP 80 HTTPS 443 (pick a certificate: either secure.domain1.com or secure.domain2)
Public Name: All requests
Paths: <same as internal> /*
Bridging: Web Server Redirect requests to http port 80 enabled, redirect ssl not selected, FTP bridging not selected
Users: All Users
Schedule: Always
Link Translation: Replace absolute links not selected
Hope that gives you all you need for that.
We have exported both certificates to the ISA server so you can select either secure.domain1.com or secure.domain2.com certificates for the listener. Whichever one is picked that SSL site works.
The names of the certificates on the webserver are secure.domain1.com and secure.domain2.com
OK, the problem is that if you have a single address and want to publish multiple Web sites, you need to use a wildcard certificate on the ISA firewall's Web listener, like *.domain.com. At that point, you can accept incoming connections to sites such as www.domain.com and www2.domain.com and sales.domain.com, but you cannot accept a connection for a site that isn't part of the same second level domain, such as www.domain1.com.
Check out the article on this site on using wildcard certificates to publish secure Web sites.
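The name matching behind the wildcard limitation described above can be checked with a short script. This is an added example, not part of the original thread and not ISA's own code; the functions name_matches and listener_coverage are hypothetical helpers, and the rule that a wildcard needs at least two labels to its right is an assumption modelled on common browser behaviour.

```python
"""Added example: which public names a single listener certificate can serve.

Matching follows the usual RFC 6125 style rules: a wildcard is honoured only
as the entire left-most label and stands for exactly one label.
"""


def name_matches(cert_name: str, host: str) -> bool:
    """Return True if a certificate name (CN/SAN entry) covers `host`."""
    cert_labels = cert_name.lower().rstrip(".").split(".")
    host_labels = host.lower().rstrip(".").split(".")
    if len(cert_labels) != len(host_labels):
        return False  # "*" never spans more than one label
    if cert_labels[0] == "*":
        # Assumption: reject over-broad wildcards such as "*.com".
        return len(cert_labels) > 2 and cert_labels[1:] == host_labels[1:]
    return cert_labels == host_labels


def listener_coverage(cert_names, public_names):
    """Map each published host name to whether the listener cert covers it."""
    return {
        host: any(name_matches(name, host) for name in cert_names)
        for host in public_names
    }


if __name__ == "__main__":
    # Constructed inputs using the host names mentioned in this thread.
    published = ["www.domain.com", "www2.domain.com", "sales.domain.com",
                 "www.domain1.com", "secure.domain1.com", "secure.domain2.com"]
    for cert in (["*.domain.com"], ["secure.domain1.com"]):
        print(cert)
        for host, ok in listener_coverage(cert, published).items():
            print(f"  {host:22} {'ok' if ok else 'name mismatch warning'}")
```

With one certificate bound to the listener, every published name that maps to False is a site where the client sees a certificate name warning.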
Rob, did you find a solution for this or did you abandon the idea for now? I think this would work using SSL tunnelling but I too would like a solution using Bridging to take advantage of ISA's SSL securities.
It's really too bad that adding host headers to SSL is available in IIS 6, yet ISA has no way to take advantage of them.
The same requirements for Win2003 SP1 Host Headers with SSL in IIS6 are the same requirements for SSL Host header support in ISA - you have to use a Wildcard certificate. ISA had this ability long before IIS did.
Just to make sure I understand your point - what EXACTLY do you mean by 'multiple SECOND LEVEL domains'? As in, having ISA with 1 IP and trying to publish clintd.com and clint.com on a single IP? IIS can't do this either - you have to use the wildcard cert on EITHER the clintd.com or clint.com domains in order for SSL/Host Header support to work right.
The IIS Program Manager talks about this in his blog.
All over this board I see talk of the wildcard cert. I must admit that I have used Tom's article to deploy this on ISA for my OWA... BUT this is not a good solution as the security warning will pop up. How confident would you be if you went to your bank's website and a security warning popped up saying something isn't right here...
What I am looking for is a way to use ONE single external IP Address with multiple SSL secured domains. From what I am reading the only way to do this is by using SSL Tunnelling directly to the web server. Obviously this is not ideal... is there a better solution?