I will be implementing SSL to secure OWA soon and setup a test on another system. This test system is NOT OWA but just a regular web page. I just wanted to test the SSL setup as I have not done it before. The test setup is SSL from outside client to ISA then the request is redirected as HTTP to internal server. It hangs for a few minutes before popping up the expected message about the certificate not coming from a trusted party (i used windows CA) then when I hit 'OK' to continue it hangs another few minutes before finally loading the page! It does finally succeed though. Any ideas on what could be causing this?
other info: the test environment does not have public DNS. The publishing is done by IP. The site is accessed by IP. I named the certificate https://IP-Address.
What you need to do is install the Root certificate from the windows CA to your computer. This will speed up access to your website. I have an article somewhere on it. I will dig it up and post the information for you. We had to do this also for our websites that we publish.
Open up a blank MMC and add the certificates snap-in (do not add the certificate authority snap-in). Select computer account (click the next button) and then select local computer. Expand the tree for the certificates and open the trusted root certificates folder. Open the certificates fold and find the name of your root CA, right click and select all tasks -> export. Follow the wizard to export the root certificate. I did the default settings through the wizard. Now, copy the file you just created and install it locally on your computer or which ever one is trying to access the site. This should speed up the SSL process. If not, let me know. Also, I have a webpage that our users go to that allows them to install the root certificate before entering the sites that have SSL. If you want a copy of the code that allows you to install the root certificate off a webpage, let me know and I will post it here.
That did the trick. Its working nice and speedy in my test environment. I would like to see that code to enable users to download the certificate from a web page.
Now my test environment was a regular web site just to test the SSL. My production setup will be using SSL to publish OWA. Any pitfalls you know of? I have OWA published without SSL now and it works fine.
TOM: should I name my certificate http://FQDN/exchange ? And, do I need only that one certificate or will I need one for each published path?
You only need the one root certificate from the root CA. Also, you need one certificate per website. However, if you make another root CA, you will need the root certificate from that installed on the PC that is trying to view a website that has a certificate issued from that CA. Make sense?