Welcome to ISAserver.org

TMG 2010 and certificates

Users viewing this topic: none

Logged in as: Guest

Printable Version

All Forums >> [Threat Management Gateway (TMG) 2010] >> General >> TMG 2010 and certificates

Page: [1]

Message

<< Older Topic Newer Topic >>

TMG 2010 and certificates - 10.Dec.2013 3:54:06 AM

IanHarrison

Posts: 1
Joined: 10.Dec.2013
Status: offline

Hi
I have a setup where we have a wireless network running through a captiveportal and then TMG 2010 for filtering/monitoring. It all works ok apart from inspecting SSL traffic because I cant use a self signed certificate. The reason been that I cant deploy it out to the clients (iPhones, Androids and any other BYOD). So I have a certificate (.pfx) generated from a public CA but I can't install it into TMG. I can install it into the cert store and IIS manager on the same server so I know the cert is ok. When I try to import it into the TMG it just says the file is faulty. Any ideas as to what I can do?
Thanks
Ian

Post #: 1

Featured Links*

RE: TMG 2010 and certificates - 12.Dec.2013 1:01:47 AM

PatrickM

Posts: 112
Joined: 23.May2001
From: Skutsk�r, Sweden
Status: offline

You cannot buy a worldwide trusted certificate that sign all other websites, creating certificates on the fly, We would all love it thou! :-D

You can only use you own PKI.
You have to have a solution for deploying your certificate trust chain to all the devices.

Do you see the security issue if we could create certificates for lets say startpage.com, hotmail.com etc on-the-fly from a trusted CA hierarchy?? BOYD-devices not knowing about it..

#PKIfail ;)

< Message edited by PatrickM -- 12.Dec.2013 1:08:37 AM >

_____________________________

Patrick.M
MCP on Microsoft Proxy 2.0

(in reply to IanHarrison)

Post #: 2