Welcome to ISAserver.org
Discussion of using a Wildcard Certificate in ISA2004 article
Discussion of using a Wildcard Certificate in ISA2004 a... - 1.Feb.2004 8:34:00 PM
tshinder
Posts: 47490
Joined: 10.Jan.2001
From: Texas
Status: offline
This thread is for discussing the Using a wildcard certificate in ISA2004 article at http://isaserver.org/tutorials/2004wildcardcert.html.
Thanks! Tom [ February 01, 2004, 08:43 PM: Message edited by: tshinder ]

RE: Discussion of using a Wildcard Certificate in ISA20... - 1.Feb.2004 10:49:00 PM
jide
Posts: 6
Joined: 30.Jan.2004
From: London
Status: offline
Hi Tom,
Good and informative information as always. But can you do the same thing on ISA 2000, or is this only possible with ISA2004?
Thanks.
Jide

RE: Discussion of using a Wildcard Certificate in ISA20... - 1.Feb.2004 10:54:00 PM
tshinder
Posts: 47490
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Jide,
Works great in ISA2000 too.
HTH, Tom

RE: Discussion of using a Wildcard Certificate in ISA20... - 2.Feb.2004 3:59:00 AM
willabr
Posts: 16
Joined: 19.Jan.2003
From: USA
Status: offline
Publishing Multiple Web Sites:
When I get to adding the second site (www) I do not have the "Create a new certificate" selection. I would have to remove the current certificate (owa) before I can create a new one. Is this correct, or have I done something out of order?
Thanks

RE: Discussion of using a Wildcard Certificate in ISA20... - 2.Feb.2004 5:04:00 AM
tshinder
Posts: 47490
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Bruce,
The second site, which listens for "www.domain.com", is on a *different* Web server, not the same one as the OWA site. Check out the sample lab config to see that there are two Web servers in use. You can accomplish a similar thing with one Web server if you've created two virtual Web servers.
HTH, Tom

RE: Discussion of using a Wildcard Certificate in ISA20... - 2.Feb.2004 3:40:00 PM
andifur
Posts: 143
Joined: 25.Oct.2001
From: Eastern PA
Status: offline
This is great, but for audit reasons, we are not allowed to publish SSL sites with home grown certs. Do you know if VeriSign or Thawte allow the creation of wildcard certs? [ February 02, 2004, 03:40 PM: Message edited by: andifur ]

RE: Discussion of using a Wildcard Certificate in ISA20... - 2.Feb.2004 3:44:00 PM
tshinder
Posts: 47490
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Anthony,
Possibly. I know of less well-known public cert providers that do this, but the big boys probably would require an arm and a leg, since you pay per cert.
Tom

RE: Discussion of using a Wildcard Certificate in ISA20... - 2.Feb.2004 9:54:00 PM
Linke Loe
Posts: 57
Joined: 1.Oct.2003
From: Utrecht, Netherlands
Status: offline
Hi Tom. I guess this would also work when you only have to publish the OWA-site?
For me it didn't. I followed all steps in your article except those for the second website. When I try to access my OWA-site I get the error message: 403 - Forbidden. The server denies the specified URL.
Thanks for the article though. Great work.

RE: Discussion of using a Wildcard Certificate in ISA20... - 2.Feb.2004 11:30:00 PM
Linke Loe
Posts: 57
Joined: 1.Oct.2003
From: Utrecht, Netherlands
Status: offline
I've taken a closer look at what happens. I've monitored and logged my requests for my OWA-site and saw that every request I made was denied by the default firewall rule, which denies all traffic. This means that the firewall policy skips the firewall rule created by the web publishing wizard.
When I took a closer look at the firewall rule for the OWA publishing, I saw that the protocols allowed are HTTP and HTTPS, not 'HTTPS Server'. Could this be the problem?

RE: Discussion of using a Wildcard Certificate in ISA20... - 4.Feb.2004 3:56:00 PM
Linke Loe
Posts: 57
Joined: 1.Oct.2003
From: Utrecht, Netherlands
Status: offline
I've run the article over again and suddenly, the publishing worked...

RE: Discussion of using a Wildcard Certificate in ISA20... - 25.Feb.2004 7:28:00 PM
i-have
Posts: 1
Joined: 25.Feb.2004
Status: offline
I have the following question about publishing the OWA site on a different name than the internal domain name. I followed the tutorial with a different name than the domain. From the Internet everything is working OK. But from the inside (firewall clients) I get an error:
The page cannot be displayed
I added the different name to my DNS server as a lookup zone and added the Exchange server to it. Now it only works when I turn off the firewall client.
Is there another way of doing this?
Already thanks!
i-have

RE: Discussion of using a Wildcard Certificate in ISA20... - 28.Feb.2004 3:20:00 AM
gatorz
Posts: 17
Joined: 28.Feb.2004
Status: offline
When I go to select the cert in the new Web listener, it tells me there are no certificates configured on this server. I have verified that the certificate is installed per the article.
Any ideas?

RE: Discussion of using a Wildcard Certificate in ISA20... - 19.Apr.2004 5:51:00 PM
JamesD
Posts: 1
Joined: 19.Apr.2004
From: UK
Status: offline
Just a warning regarding Wildcard certificates... the successful validation (client-side) of SSL certificates is application dependent.
For example, using your PocketPC to browse a web site protected by a wildcard SSL certificate works fine..... however, if you publish Server ActiveSync using a wildcard SSL certificate, the client-side ActiveSync application will refuse to validate the server's certificate (unless certificate validation is disabled).
This has been confirmed as expected behaviour by Microsoft PSS.
So just beware, and double-check any non-browser apps before you shell out!
Cheers, James.
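
Added example, not part of the post above or of the article: a Python sketch of two hostname-matching policies a TLS client might apply, used to check which published names a wildcard certificate covers under each. The policy names and the host list are constructed for illustration (owa/www under domain.com follow the thread's example), and no claim is made about which policy any particular client uses.

```python
# Added illustration: how a wildcard name is matched depends on the client's policy.
# Host names below are constructed; "exact_only" models a client that ignores wildcards.

def _labels(name):
    """Split a DNS name into lower-cased labels, ignoring a trailing dot."""
    return name.rstrip(".").lower().split(".")

def match_exact(cert_name, host):
    """Client that treats the certificate name as a literal string."""
    return _labels(cert_name) == _labels(host)

def match_wildcard(cert_name, host):
    """Wildcard-aware client: '*' must be the whole left-most label
    and stands for exactly one label (never zero, never several)."""
    c, h = _labels(cert_name), _labels(host)
    if c[0] != "*":
        return c == h
    if len(c) < 3 or len(c) != len(h):   # reject '*.com' and depth mismatches
        return False
    if any("*" in label for label in c[1:]):
        return False
    return h[0] != "" and c[1:] == h[1:]

def coverage(cert_names, hosts):
    """Report, per published host, whether each policy accepts the certificate."""
    return {
        host: {
            "wildcard_aware": any(match_wildcard(n, host) for n in cert_names),
            "exact_only": any(match_exact(n, host) for n in cert_names),
        }
        for host in hosts
    }

CERT_NAMES = ["*.domain.com"]  # constructed certificate subject
PUBLISHED = ["owa.domain.com", "www.domain.com",
             "mail.owa.domain.com", "domain.com"]

if __name__ == "__main__":
    for host, result in coverage(CERT_NAMES, PUBLISHED).items():
        print(host, result)
```

Running the same host list against every client type you plan to support, before buying the certificate, shows which names would need their own certificate or an additional subject name.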

RE: Discussion of using a Wildcard Certificate in ISA20... - 19.Apr.2004 7:33:00 PM
paulbaldwin
Posts: 139
Joined: 2.Apr.2004
From: Lancashire, UK
Status: offline
Hi James,
You've got me there.
I've been using a wildcard certificate for OWA, OMA, RPC over HTTP, Sharepoint and Exchange ActiveSync! I used both SmartPhones and iPaqs running PocketPC 2002 (and 2003 I think).
What have Microsoft PSS been telling you?

RE: Discussion of using a Wildcard Certificate in ISA20... - 19.Apr.2004 8:25:00 PM
tshinder
Posts: 47490
Joined: 10.Jan.2001
From: Texas
Status: offline
Hey guys,
Paul is THE MAN when it comes to ISA and Smart Phone deployment. When he says it works, it DOES.
HTH, Tom

RE: Discussion of using a Wildcard Certificate in ISA20... - 23.Apr.2004 2:03:00 AM
Guest
I am having the same problem as gatorz posted. Any ideas?
Thanks!
---------------------------------
>gatorz
>posted February 28, 2004 03:20 AM
>--------------------------------
>When I go to select the cert in the new Web listener, it tells me there are no certificates configured on this server. I have verified that the certificate is installed per the article.
>Any ideas?