• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

OWA SSL location

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2000 General] >> Web Publishing >> OWA SSL location Page: [1]
Login
Message << Older Topic   Newer Topic >>
OWA SSL location - 28.Jan.2003 4:53:00 PM   
Ben Richardson

 

Posts: 27
Joined: 16.Aug.2002
From: UK
Status: offline
I have got OWA working through ISA, now I've just got round to installing the SSL to make it bit more secure! Though I think I've made a mistake - I requested (and installed) the SSL on the Exchange(OWA) server and not the ISA server. Should I have got one for the ISA server?

I've followed the steps in Tom's (brilliant) book but come unstuck when I try to configure the SSL - error msg telling me their are none on this server (I know they're on the exchange server!).

Short of buying another SSL is there anything I can do. (My knowledge of SSL is not enough yet!)

Thanks
Post #: 1
RE: OWA SSL location - 28.Jan.2003 5:25:00 PM   
Jason Jones

 

Posts: 4663
Joined: 30.Jul.2002
From: United Kingdom
Status: offline
You need to export the cert from OWA and import it into ISA. Check out the follwing article:

http://www.isaserver.org/tutorials/unihomedisa2.html

ISA will then be able to inpersonate the OWA server and allow SSL to SSL bridging...

JJ

(in reply to Ben Richardson)
Post #: 2
RE: OWA SSL location - 29.Jan.2003 2:43:00 PM   
Ben Richardson

 

Posts: 27
Joined: 16.Aug.2002
From: UK
Status: offline
Thanks Jason, much appreciated.

All instaled now, although I'm now getting 403 error after authentication box is presented!

I see there's another thread on this so will look closely at that( whilst i change everything back to non-SSL so my users can use it again!)

Ben

(in reply to Ben Richardson)
Post #: 3
RE: OWA SSL location - 29.Jan.2003 11:54:00 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Ben,

If you're using Web Publishing Rules, you need to bridge the protocol using the same protocol that was accepted by the Incoming Web Requests listener. In ISA Server and Beyond I made a big deal out of bridging SSL as SSL. I think its important and its really not that difficult to do.

If you are morally opposed (or have very weak hardware or at least not strong enough to handle the encncryption for your traffic level), then you can bridge SSL to HTTP or HTTP to SSL, but you must make a Registry change. Check this out:

To resolve this problem:

Obtain and install the latest service pack for ISA Server 2000.

For additional information about how to do so, click the article number below to view the article in the Microsoft Knowledge Base:
Q313139 How to Obtain the Latest Internet Security and Acceleration Server 2000 Service Pack
Stop the Web Proxy service.

Start Registry Editor.

Locate and click the following registry key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W3Proxy\Parameters
Create a new DWORD value that is named AddFrontEndHttpsHeader , and then give this new value a data value of 1.

Start the Web Proxy service.

Notes
To revert to the original configuration, either remove the AddFrontEndHttpsHeader registry value, or change its data value to 0 (zero), and then restart the Web Proxy service.

By adding the AddFrontEndHttpsHeader registry value, ISA Server will add the custom HTTP Header "Front-End-Https: On" to all HTTP requests between ISA Server and the published OWA server. However, it only adds the custom header for Web Publishing requests if the incoming connection between the OWA client and the ISA Server computer is HTTPS (SSL). By adding this header, all traffic between the OWA client and the ISA Server computer will be SSL.

WORKAROUND
To work around this problem, use any of the following methods.

Method 1
In ISA Server, publish OWA by using Server publishing instead of Web publishing.
Method 2
Instead of terminating SSL at the ISA Server computer, use SSL Bridging so that a new SSL connection is established between ISA Server and the internal OWA server.
Method 3
Write a Web filter in ISA Server that adds the custom HTTP Header "Front-End-Https: On". Note this procedure has basically the same effect the procedure that is described in the "Resolution" section of this article. For more information about Web Filters, see the ISA Server Software Development Kit.

BTW -- thanks for getting the book! [Smile]

HTH,
Tom

(in reply to Ben Richardson)
Post #: 4

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2000 General] >> Web Publishing >> OWA SSL location Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts