Welcome to ISAserver.org

Enable SSL for one Website

Users viewing this topic: none

Logged in as: Guest

Printable Version

All Forums >> [ISA Server 2004 General ] >> General >> Enable SSL for one Website

Page: [1]

Message

<< Older Topic Newer Topic >>

Enable SSL for one Website - 10.Nov.2008 5:12:08 PM

okontoe

Posts: 5
Joined: 22.Nov.2004
Status: offline

I am trying to create a web publishing rule to use SSL (443) end-to-end for one website whereas all the other websites use HTTP (80).

The problem is the administrator for me created a web listener that is enabled for both 80/443 and assigned the server IP to this listener so I cannot create another web listener to listen on 443 only.

I've tried using a secure web publishing rule to enable bridging to no avail as the connection keeps getting terminated at the ISA 2004 server and never gets to the web server where I have the website enabled to use SSL.

I've tried other things to no avail. Does anyone have any suggestions how to get SSL working from end-to-end with a web listener already enabled for 80 and 443?

Thanks

Post #: 1

Featured Links*

RE: Enable SSL for one Website - 10.Nov.2008 9:31:05 PM

Rotorblade

Posts: 1348
Joined: 27.Feb.2007
Status: offline

quote:

The problem is the administrator for me created a web listener that is enabled for both 80/443 and assigned the server IP to this listener so I cannot create another web listener to listen on 443 only.

There would have to be another problem. Having both 80 and 443 enabled on the WL would not cause an issue. For bridging to work you must have matching SSL certificates on both the ISA and the published server. You must export the web server certificate and import it properly into ISA; otherwise SSL will terminate at the ISA and use HTTP back to the published server.

HTH

RB

_____________________________

David Melvin
Ohio
MCSE: Security 2003, MCSA:Security 2003

(in reply to okontoe)

Post #: 2

RE: Enable SSL for one Website - 11.Nov.2008 8:26:53 AM

okontoe

Posts: 5
Joined: 22.Nov.2004
Status: offline

We do have matching SSL certificates on the ISA and Web Servers. That's why I'm stumped. When I created a secure web publishing rule to use bridging and made sure the TO: field name matched the SSL certificate name, I could not get to work as my https: requests always got terminated at the ISA Server and never made it to the Web Server. I followed the guidelines on isaserver.org to set up SSL but for some reason when I use bridging, it gets terminated every time on the ISA server.

Thanks for replying to my original message.

(in reply to Rotorblade)

Post #: 3

RE: Enable SSL for one Website - 11.Nov.2008 9:29:52 AM

Rotorblade

Posts: 1348
Joined: 27.Feb.2007
Status: offline

quote:

I could not get to work as my https: requests always got terminated at the ISA Server and never made it to the Web Server.

When you say "terminated at the ISA and never made it to the Web Server", are you saying that you�re getting a HTTP error 500 or something like that?
If you�re not getting an error then it sounds like its working as it should because you are web publishing which is a reverse proxy and ISA is going to intercept and inspect the traffic and then establish a second connection and send back to the published server. If you want end-to-end encryption without involving ISA, you will need to configure the publishing rule to use SSL tunneling which is similar to Server publishing. Using tunneling mode you will loose all ISA�s functionality to inspect traffic and properly protect the published web server.

HTH

RB

_____________________________

David Melvin
Ohio
MCSE: Security 2003, MCSA:Security 2003

(in reply to okontoe)

Post #: 4