• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

SSL & Server Publishing

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2004 General ] >> Web Publishing >> SSL & Server Publishing Page: [1]
Login
Message << Older Topic   Newer Topic >>
SSL & Server Publishing - 11.Mar.2005 9:02:00 PM   
Guest
Hello,

I have an ISA2004 server that publishes a few webservers that sit behind it.

I would like to add SSL to one of the sites on one of my webservers.

In order for me to do this, do I just get an SSL certificate for the www server and then configure the HTTP listener on ISA to also allow HTTPS to that server? I've tried this and when I enable SSL on the weblistener for that server then ISA asks me for a certificate. Do I also have to get an SSL certificate for ISA??

Please advise, thank you.
  Post #: 1
RE: SSL & Server Publishing - 12.Mar.2005 12:48:00 PM   
citrixman

 

Posts: 17
Joined: 3.Mar.2005
Status: offline
hi ZD!
It depends if you want to host just one secure site or more than one. If you only want to host one you can just get one SSL certificate for the webserver then export it to the ISA server and then setup ssl to ssl bridging.
It becomes a little more complicating if you wanna host more than one secure site. Then the isa server will need a wildcard cert like *.yourdomain.com then a normal cert on each backend website its all in this article:

http://isaserver.org/tutorials/2004wildcardcert.html.

good luck [Smile]

PS: Thats only if u have 1 internet address to play with if u have a few ips you can just bind them to the external nic in the isa server and setup multi ssl listeners on each different IP then no need for a wildcard cert. Just to import the certs from the webservers and import them into ISA's certificate store.

citrixman.

[ March 15, 2005, 08:21 AM: Message edited by: citrixman ]

(in reply to Guest)
Post #: 2
RE: SSL & Server Publishing - 22.Apr.2005 9:18:00 PM   
krolrules

 

Posts: 55
Joined: 31.Mar.2005
From: Sharon Center, OH
Status: offline
Sorry if this post is too old to respond to..

citrixman said --
quote:
...if u have a few ips you can just bind them to the external nic in the isa server and setup multi ssl listeners on each different IP then no need for a wildcard cert. Just to import the certs from the webservers and import them into ISA's certificate store.

If I were to do it this way, am I still using application filtering on my ISA box, or is this considered tunneling?

Thanks...

(in reply to Guest)
Post #: 3
RE: SSL & Server Publishing - 25.Apr.2005 12:06:00 PM   
RuiFiske

 

Posts: 96
Joined: 8.Dec.2004
From: London
Status: offline
Hi there,

Never too old to post!

If you have a certificate on your ISA Server, then it is able to decrypt the traffic coming into the server, and so you can perform stateful application layer inspection on the traffic. This will usually be the case when you are publishing a (secure) web server.

If you have no certificate that matches the FQDN of the published server, and you allow the traffic to be proxied through the ISA server, then this is tunnelling. The ISA server cannot decrypt the traffic because it does not have the private key for the certificate. This is usually the case in an outbound scenario.

So, in this case, you are:
quote:
still using application filtering on my ISA box.
Do you have any other questions about this?

Don't forget to rate me if this was useful.

(in reply to Guest)
Post #: 4
RE: SSL & Server Publishing - 26.Apr.2005 7:26:00 PM   
krolrules

 

Posts: 55
Joined: 31.Mar.2005
From: Sharon Center, OH
Status: offline
No other questions, thanks! You answered it well.

We currently have 3 SSL certs on our webservers, that we will be migrating to a DMZ on ISA 2004 here in the near future. So this helps out!

Thanks!

(in reply to Guest)
Post #: 5

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2004 General ] >> Web Publishing >> SSL & Server Publishing Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts