Welcome to ISAserver.org
RE: ssl web publishing problem
RE: ssl web publishing problem - 27.Jun.2004 3:49:00 PM
andfirth
Posts: 83
Joined: 19.Feb.2004
From: Netherlands

OK, thanks Thomas. I was already figuring this out, to make a new zone. Is it right that the host name is www and the FQDN becomes www.zoeyjoey.com? I was not sure about that. Thanks anyway, and I will let you know the result.
Greetings, Andy

RE: ssl web publishing problem - 27.Jun.2004 4:36:00 PM
andfirth
Posts: 83
Joined: 19.Feb.2004
From: Netherlands

OK Thomas, just something else: on the Bridging tab I have redirecting enabled for SSL and a checkmark to use a certificate to authenticate SSL web server, but I can't select one; it says no certificate is configured for this server. But I have already imported a certificate. So where is the ISA looking for a certificate, or must I create a new certificate somewhere? Let me know, thanks. Andy

RE: ssl web publishing problem - 27.Jun.2004 7:02:00 PM
tshinder
Posts: 47439
Joined: 10.Jan.2001
From: Texas

Hi Andrew,
Do NOT use the "Use a certificate to authenticate to the SSL Web server". That option is very useful for very high security environments, where you want to require the ISA firewall to send a client certificate to the published Web site, but in your scenario, this is not required.
So, you can leave that option unchecked.
The certificate you need to configure is the Web listener certificate.
HTH, Tom

RE: ssl web publishing problem - 27.Jun.2004 10:56:00 PM
andfirth
Posts: 83
Joined: 19.Feb.2004
From: Netherlands

OK Thomas, thanks for your reply. The reason I ask this is for the company I work for; it is a big multinational, and I'm busy with a few team members implementing ISA Server 2004 in the near future. We are now in a testing phase at work, and I also do a lot of testing myself at home. Security at home is indeed not a big issue, but for my company it must be very secure. We want to work with certificates and SSL connections for people in the field to work with their laptops with OWA from outside. So my question is how I configure the option on the Bridging tab, "use certificate to authenticate SSL web server", because as you see in my previous post I can't select it. I want to test this at home before we use it in the company. So maybe you can explain to me how to configure this option. Thanks,
Andy
[ June 27, 2004, 10:57 PM: Message edited by: Andrew27863 ]

RE: ssl web publishing problem - 27.Jun.2004 11:58:00 PM
andfirth
Posts: 83
Joined: 19.Feb.2004
From: Netherlands

OK Thomas, I have done all the steps you said. I have split DNS, so I think it is not necessary to use a host file. I also use a wildcard certificate (*.zoeyjoey.com), because I want to publish more websites. I have also configured in internal DNS a host file for zoeyjoey.com, but when I type http://www.zoeyjoey.com/exchange in the browser, it is still not working. I get the following error:

Explanation: There is a problem with the page you are trying to reach and it cannot be displayed.
Try the following:
Refresh page: Search for the page again by clicking the Refresh button. The timeout may have occurred due to Internet congestion.
Check spelling: Check that you typed the Web page address correctly. The address may have been mistyped.
Access from a link: If there is a link to the page you are looking for, try accessing the page from that link.
If you are still not able to view the requested page, try contacting your administrator or Helpdesk.
Technical Information (for Support personnel)
Error Code: 502 Proxy Error. The ISA Server denies the specified Uniform Resource Locator (URL). (12202)
IP Address: N/A
Date: 27-6-2004 21:54:32
Server: osiris.home.lan
Source: proxy

Maybe you can explain this to me.
Thanks, Andy

PS. Thomas, I figured out a few things already:
1. In the default rule properties I configured it to redirect SSL requests as SSL requests. Is that right?
2. In the internal network properties, under Web Proxy, I configured it to enable SSL and use the certificate, because I'm using the firewall client. Am I right?
3. It is working from the ISA itself and from the OWA machine: when I type https://www.zoeyjoey.com/exchange I get a login, but I don't get the OWA form-based authentication logon. That is strange, because I selected to use that authentication.
4. It is not working from an internal client machine; then I get the forbidden error as I described earlier.
Thanks, Andy
[ June 28, 2004, 02:12 AM: Message edited by: Andrew27863 ]

RE: ssl web publishing problem - 30.Jun.2004 7:14:00 PM
tshinder
Posts: 47439
Joined: 10.Jan.2001
From: Texas

Hi Andy,
I get a connection timeout when I try to connect.
Is there a device in front of the ISA firewall that isn't passing the connection to the external interface of the ISA firewall?
When I go to http://www.zoeyjoey.com I see the default IIS page. Is this the default page on the published server?
Thanks! Tom
[ June 30, 2004, 07:15 PM: Message edited by: tshinder ]

RE: ssl web publishing problem - 17.Aug.2004 7:19:00 PM
rriall
Posts: 2
Joined: 16.Aug.2004
From: IN

Andy, one thing that was very confusing for me, and was not very clear in any documentation for someone new to ISA 2004, was the To tab on the Web Publishing Rule for OWA. Because there is a browse button, it appears that you should be entering the internal OWA server name or IP, i.e. discu.home.lan. And the instruction "the server name on the To tab for the web publishing rule must be the same as the certificate common name" was also confusing. I had some of the same problems you did. I followed all the instructions for setting up IIS on the Exchange Server and ISA 2004 for web publishing, and I got the loop error. I then edited the HOSTS file on the ISA 2004 server with 192.xxx.xxx.xxx owa.domainname.com, where the IP address is the address of the internal Exchange 2003 server and the address is the URL the external clients are requesting; in your case it would be www.zoeyjoey.com. You should consider using something like owa.zoeyjoey.com or owamail.zoeyjoey.com. Anyway, after I did this I got the 500 error message. Well, here's what it was:

My certificate name was the name of the URL that I wanted users to hit, webmail.domainname.com. Since it appeared that the To tab on the web publishing rule wanted an internal server name, I had the internal Exchange 2003 server name in this box, exchangeowa.domainname.local. This was WRONG. As soon as I entered the certificate name, webmail.domainname.com, on the To tab on the web publishing rule, it worked.

Here's what I did. I have a Front-End Exchange 2003 server.
1. On the Exchange Server in IIS 6.0, from the Default Web Site Properties, Directory Security tab, I requested a Certificate from the internal CA and named it owamail.domainname.com.
2. On the Exchange 2003 server in IIS 6.0, from the Default Web Site Properties, Directory Security tab, under Secure Communications I selected View Certificate. On the Certificate properties page, Details tab, I copied the certificate (keys and all) to a file that I named owamaildomainnamecom.pfx.
3. I then copied the pfx file to the ISA 2004 server.
4. On the ISA 2004 server, I used the mmc console (created from Tom's instructions) to view the Certificates. I used this mmc to import the Certificate owamail.domainname.com to the ISA 2004 server. The Certificate owamail.domainname.com was imported into the Personal Certificates folder. A Certificate with the CA Server name (write down the name before deleting) was also imported into this folder, so I deleted it. I checked the Trusted Root Certification Authorities Certificate folder to verify that the CA deleted above was listed in this folder.
5. I then created a Web Publishing Rule, OWA Web Site Rule, on the ISA 2004 server for OWA, and while creating the Web Publishing Rule I also created the Listener, OWA Listener for SSL, per Tom's instructions. On the Preferences tab on the Listener properties for SSL, the Certificate is owamail.domainname.com.
6. On the Web Publishing Rule, OWA Web Site Rule, To tab, the Server name is the name of the certificate, owamail.domainname.com, not the internal web server. This was my problem all along.
7. I edited the HOSTS file on the ISA 2004 server, i.e. 192.xxx.xxx.xxx owamail.domainname.com.
8. If it is a dual-homed server, make sure the default gateway is on the External network card and not the Internal network card. I also removed the Public DNS server names from the External network card.
Let me know if this helps. Rhonda
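
The name check described in the post above, as an added example that is not part of the original thread: a Python sketch that verifies the To tab name is covered by the published site's certificate names and that the ISA firewall's HOSTS file maps that name to an internal address. It goes one step beyond the post by also handling wildcard names such as the *.zoeyjoey.com certificate mentioned earlier in the thread; the function names, the sample HOSTS text and the 10.0.0.2 address are assumptions constructed for illustration.

```python
import ipaddress

def cert_name_matches(pattern: str, host: str) -> bool:
    """Match a host against a certificate name; '*' covers exactly one left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False          # *.zoeyjoey.com never covers zoeyjoey.com or a.b.zoeyjoey.com
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def parse_hosts(text: str) -> dict:
    """Parse HOSTS-file text into {name: ip}; the first entry for a name wins."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()   # drop comments, split on whitespace
        for name in fields[1:]:
            table.setdefault(name.lower(), fields[0])
    return table

def check_to_tab(to_name: str, cert_names: list, hosts_text: str) -> list:
    """Return findings for a bridged-SSL publishing rule; an empty list means consistent."""
    findings = []
    if not any(cert_name_matches(n, to_name) for n in cert_names):
        findings.append(f"To tab name {to_name!r} is not covered by certificate names {cert_names}")
    ip = parse_hosts(hosts_text).get(to_name.lower())
    if ip is None:
        findings.append(f"no HOSTS entry for {to_name!r}; it may resolve to the external address")
    elif not ipaddress.ip_address(ip).is_private:
        findings.append(f"HOSTS maps {to_name!r} to {ip}, which is not an internal address")
    return findings

# Constructed sample data (placeholder names and address, not from a real deployment).
HOSTS = """
# HOSTS file on the ISA firewall
10.0.0.2    owamail.domainname.com   # internal Exchange front-end
"""
CERT = ["owamail.domainname.com"]

if __name__ == "__main__":
    for to_name in ("owamail.domainname.com", "exchangeowa.domainname.local"):
        print(to_name, "->", check_to_tab(to_name, CERT, HOSTS) or "consistent")
```

Running it reports the internal server name as inconsistent on both counts, while the certificate name with its HOSTS entry passes.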