I have got OWA working through ISA, now I've just got round to installing the SSL to make it bit more secure! Though I think I've made a mistake - I requested (and installed) the SSL on the Exchange(OWA) server and not the ISA server. Should I have got one for the ISA server?
I've followed the steps in Tom's (brilliant) book but come unstuck when I try to configure the SSL - error msg telling me their are none on this server (I know they're on the exchange server!).
Short of buying another SSL is there anything I can do. (My knowledge of SSL is not enough yet!)
If you're using Web Publishing Rules, you need to bridge the protocol using the same protocol that was accepted by the Incoming Web Requests listener. In ISA Server and Beyond I made a big deal out of bridging SSL as SSL. I think its important and its really not that difficult to do.
If you are morally opposed (or have very weak hardware or at least not strong enough to handle the encncryption for your traffic level), then you can bridge SSL to HTTP or HTTP to SSL, but you must make a Registry change. Check this out:
To resolve this problem:
Obtain and install the latest service pack for ISA Server 2000.
For additional information about how to do so, click the article number below to view the article in the Microsoft Knowledge Base: Q313139 How to Obtain the Latest Internet Security and Acceleration Server 2000 Service Pack Stop the Web Proxy service.
Start Registry Editor.
Locate and click the following registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W3Proxy\Parameters Create a new DWORD value that is named AddFrontEndHttpsHeader , and then give this new value a data value of 1.
Start the Web Proxy service.
Notes To revert to the original configuration, either remove the AddFrontEndHttpsHeader registry value, or change its data value to 0 (zero), and then restart the Web Proxy service.
By adding the AddFrontEndHttpsHeader registry value, ISA Server will add the custom HTTP Header "Front-End-Https: On" to all HTTP requests between ISA Server and the published OWA server. However, it only adds the custom header for Web Publishing requests if the incoming connection between the OWA client and the ISA Server computer is HTTPS (SSL). By adding this header, all traffic between the OWA client and the ISA Server computer will be SSL.
WORKAROUND To work around this problem, use any of the following methods.
Method 1 In ISA Server, publish OWA by using Server publishing instead of Web publishing. Method 2 Instead of terminating SSL at the ISA Server computer, use SSL Bridging so that a new SSL connection is established between ISA Server and the internal OWA server. Method 3 Write a Web filter in ISA Server that adds the custom HTTP Header "Front-End-Https: On". Note this procedure has basically the same effect the procedure that is described in the "Resolution" section of this article. For more information about Web Filters, see the ISA Server Software Development Kit.