RE: Discussion of using a Wildcard Certificate in ISA2004 article
RE: Discussion of using a Wildcard Certificate in ISA20... - 26.Apr.2004 3:25:00 PM
|
|
|
tshinder
Posts: 46971
Joined: 10.Jan.2001
From: Texas
Status: offline
|
Hey guys,
Make sure you close and open the ISA Management console.
HTH, Tom
|
|
|
|
RE: Discussion of using a Wildcard Certificate in ISA20... - 8.Jul.2004 3:08:00 AM
|
|
|
jmlohren
Posts: 80
Joined: 7.Sep.2001
From: Spokane, WA USA
Status: offline
|
Ok. So maybe this is why I've been having my problems. Any suggestions are greatly appreciated.
I have a valid wildcard SSL certificate from DigiCert. It's installed correctly on my ISA server. So... am I to assume that if I install the wildcard certificate on my internal webservers that I will get the dreaded 500 error? I need to have specific certificates, i.e. webmail.domain.com or billing.domain.com, instead of my wildcard *.domain.com on my internal servers to get this to work correctly?
TIA!
Jason Lohrenz IT Director Pacific Medicaid Services
|
|
|
|
RE: Discussion of using a Wildcard Certificate in ISA20... - 8.Jul.2004 3:12:00 AM
|
|
|
tshinder
Posts: 46971
Joined: 10.Jan.2001
From: Texas
Status: offline
|
Hi Jason,
That is correct! But you do not need to purchase separate certificates for that. You can create your own using the MS Certificate Server and give them the proper public names. Just make sure you install the CA certificate on the ISA 2004 firewall in the firewall's Machine certificate store in the Trusted Root Certification Authorities node.
HTH, Tom
|
|
|
|
RE: Discussion of using a Wildcard Certificate in ISA20... - 8.Jul.2004 3:23:00 AM
|
|
|
jmlohren
Posts: 80
Joined: 7.Sep.2001
From: Spokane, WA USA
Status: offline
|
Can I assume that this will work okay with ISA 2K as well? As that is what I have.
I just posted here as this article was the closest match to my search.
Thanks again.
Jason
|
|
|
|
RE: Discussion of using a Wildcard Certificate in ISA20... - 8.Jul.2004 5:54:00 AM
|
|
|
tshinder
Posts: 46971
Joined: 10.Jan.2001
From: Texas
Status: offline
|
Hi Jason,
Yes, should work just the same with ISA 2000. Just make sure the name on the certificate bound to the Web site and the redirect on the Web publishing rule match.
HTH, Tom
|
|
|
|
RE: Discussion of using a Wildcard Certificate in ISA20... - 7.Oct.2004 10:09:00 AM
|
|
|
AButtigieg
Posts: 14
Joined: 19.Jul.2004
Status: offline
|
And what happens if I want to use OWA forms based authentication and not basic?
- Andrew
|
|
|
|
RE: Discussion of using a Wildcard Certificate in ISA20... - 27.Nov.2004 12:48:00 PM
|
|
|
FrancWest
Posts: 70
Joined: 22.Jul.2004
Status: offline
|
Hello, does anyone know if there's a fix already when using ActiveSync on Win Mobile 2003 and wildcard certificates?
Franc.
|
|
|
|
RE: Discussion of using a Wildcard Certificate in ISA20... - 4.Dec.2004 2:18:00 AM
|
|
|
radman57
Posts: 2
Joined: 4.Dec.2004
From: Gilbert, AZ
Status: offline
|
Hello! I'm new to this forum and have a question on this topic before I proceed with an attempt. I am using (wait for it) SBS2003 (I have been warned there will be massive groaning and gnashing of teeth) and have the Premium edition installed (ISA 2000, hopefully moving to 2004 when the SP1 for SBS comes out). I also am "hosting" several websites on the SBS server (examples: www.domain1.com, db.domain1.com, www.domain2.com, www.domain3.com, etc). Also have the standard OWA, Companyweb, Default, etc as well. Will this method (wildcard certs) work for this type of setup, essentially 1/2 remote web workplace and half webserver hosting several websites with different names?
Any help is greatly appreciated!
|
|
|
|
RE: Discussion of using a Wildcard Certificate in ISA20... - 3.Feb.2005 5:19:00 PM
|
|
|
RuiFiske
Posts: 92
Joined: 8.Dec.2004
From: London
Status: offline
|
I'm trying to set up an SSL chain using wildcard certificates, in order to have strong authentication.
Is it possible to get ISA server to accept wildcard certificates, rather than just use them?
It seems a bit strange that it will happily provide them, functioning as a server, but will not accept them (Principal Target name is incorrect) as a client. Anyone found any way round this?
|
|
|
|
RE: Discussion of using a Wildcard Certificate in ISA20... - 10.Mar.2005 10:22:00 PM
|
|
|
tshinder
Posts: 46971
Joined: 10.Jan.2001
From: Texas
Status: offline
|
Hi Why,
Just doesn't work that way. I think they chose this because of security issues.
HTH, Tom
|
|
|
|
RE: Discussion of using a Wildcard Certificate in ISA20... - 10.Mar.2005 10:25:00 PM
|
|
|
tshinder
Posts: 46971
Joined: 10.Jan.2001
From: Texas
Status: offline
|
quote: Originally posted by Robert Dye: Hello! I'm new to this forum and have a question on this topic before I proceed with an attempt. I am using (wait for it) SBS2003 (I have been warned there will be massive groaning and gnashing of teeth) and have the Premium edition installed (ISA 2000, hopefully moving to 2004 when the SP1 for SBS comes out). I also am "hosting" several websites on the SBS server (examples: www.domain1.com, db.domain1.com, www.domain2.com, www.domain3.com, etc). Also have the standard OWA, Companyweb, Default, etc as well. Will this method (wildcard certs) work for this type of setup, essentially 1/2 remote web workplace and half webserver hosting several websites with different names?
Any help is greatly appreciated!
Hi Robert,
No groaning or gnashing, but there aren't many people knowledgeable about ISA who also can help with SBS. Any version of ISA on SBS is essentially a hacked up version made to work in an on-box config, but the product was designed as a network firewall, so you break too much of the firewall functionality to get it to work on SBS.
HTH, Tom
|
|
|
|
RE: Discussion of using a Wildcard Certificate in ISA20... - 24.May.2005 9:54:00 AM
|
|
|
fordo
Posts: 41
Joined: 21.Apr.2005
Status: offline
|
Tom -- In this article under the Import the Wildcard Certificate section, step 13 instructs to put a checkmark in the "Mark this key as exportable..." checkbox.
However, on page 675 of your 2004 book, step 15 instructs "Do NOT mark the certificate as exportable".
When using a wildcard certificate, should the exportable be checked or unchecked?
Thanks.
|
|
|
|
RE: Discussion of using a Wildcard Certificate in ISA20... - 1.Jun.2005 4:04:00 PM
|
|
|
fordo
Posts: 41
Joined: 21.Apr.2005
Status: offline
|
Can someone help me out here? Thanks!
In this article under the Import the Wildcard Certificate section, step 13 instructs to put a checkmark in the "Mark this key as exportable..." checkbox.
However, on page 675 of your 2004 book, step 15 instructs "Do NOT mark the certificate as exportable".
When using a wildcard certificate, should the exportable be checked or unchecked?
|
|
|
|
RE: Discussion of using a Wildcard Certificate in ISA20... - 18.Aug.2005 5:44:00 AM
|
|
|
tshinder
Posts: 46971
Joined: 10.Jan.2001
From: Texas
Status: offline
|
quote: Originally posted by Fordo: Tom -- In this article under the Import the Wildcard Certificate section, step 13 instructs to put a checkmark in the "Mark this key as exportable..." checkbox.
However, on page 675 of your 2004 book, step 15 instructs "Do NOT mark the certificate as exportable".
When using a wildcard certificate, should the exportable be checked or unchecked?
Thanks.
Hi Fordo,
Doesn't matter from a functionality perspective, just a security perspective. The explanation is in the book.
Thanks! Tom
|
|
|
|
RE: Discussion of using a Wildcard Certificate in ISA20... - 28.Aug.2005 1:36:00 PM
|
|
|
tshinder
Posts: 46971
Joined: 10.Jan.2001
From: Texas
Status: offline
|
Hi Paul,
The example provided was not for a hosting environment, but for self-hosting, where using the same domain name internally and externally IS a best practice for transparency for remote access users. I *always* deploy a well designed split DNS infrastructure, since users love it and there are no adverse security issues.
However, a well-designed split DNS will work for a hosting environment too -- and I have deployed it as such. Works great and the users love it since they don't have to monkey around with application settings based on their current location.
HTH, Tom [ August 28, 2005, 01:37 PM: Message edited by: tshinder ]
|
|
|
|
RE: Discussion of using a Wildcard Certificate in ISA20... - 5.Oct.2005 11:53:00 AM
|
|
|
jiml
Posts: 1
Joined: 5.Oct.2005
Status: offline
|
Tom, is it possible to publish virtual webs from a server utilizing host headers and a wildcard cert on the IIS and ISA box as well? I.e. wildcard cert on IIS and ISA is *.mydomain.com; the IIS server hosts two sites, user.mydomain.com and int.user.mydomain.com, via host headers; a web listener configured using *.mydomain.com; separate publishing rules, one each referencing a published name for user.mydomain.com and the other referencing int.user.mydomain.com; host file on the ISA box for the resolution of the internal URL's.
As a secondary question not directly related to the above scenario, can you create a publishing rule using a wildcard as part of the server name and public name in an SSL bridging scenario? I don't see how this would work, but the attempt is to be able to create a single rule to publish a number of different SSL sites so they would only have to have a single certificate for all the internal webs; using a host file on the ISA server to resolve the different URLs.
Jim
|
|
|
|
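Added example, not part of any post above and not ISA's own code: a small audit of the two certificate checks in an SSL-bridged publishing rule, using the host names mentioned in the thread. It assumes external clients apply standard RFC 2818 wildcard matching (one leftmost label) to the listener certificate, and that ISA, acting as the client to the internal server, only accepts a literal name match as reported in the thread; the rule list and its field names are constructed for illustration.

```python
def wildcard_match(pattern: str, host: str) -> bool:
    """RFC 2818-style match: '*' stands for exactly one leftmost label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):          # '*' never spans more than one label
        return False
    if p[0] == "*":
        return h[0] != "" and p[1:] == h[1:]
    return p == h                 # partial wildcards (w*.x.com) are treated as literals


def exact_match(pattern: str, host: str) -> bool:
    """Literal comparison only: a wildcard name on the certificate never matches."""
    return "*" not in pattern and pattern.lower().rstrip(".") == host.lower().rstrip(".")


def audit_rules(rules):
    """Return (public_name, listener_ok, backend_ok) for each publishing rule."""
    findings = []
    for rule in rules:
        # Hop 1: external client -> ISA web listener certificate.
        listener_ok = any(wildcard_match(n, rule["public_name"])
                          for n in rule["listener_cert_names"])
        # Hop 2: ISA -> internal web server certificate vs. the rule's redirect name.
        backend_ok = any(exact_match(n, rule["redirect_name"])
                         for n in rule["server_cert_names"])
        findings.append((rule["public_name"], listener_ok, backend_ok))
    return findings


# Constructed sample rules (hypothetical field names, host names from the thread).
RULES = [
    {"public_name": "webmail.domain.com", "redirect_name": "webmail.domain.com",
     "listener_cert_names": ["*.domain.com"],
     "server_cert_names": ["webmail.domain.com"]},
    {"public_name": "billing.domain.com", "redirect_name": "billing.domain.com",
     "listener_cert_names": ["*.domain.com"],
     "server_cert_names": ["*.domain.com"]},       # wildcard on the internal server
    {"public_name": "int.user.mydomain.com", "redirect_name": "int.user.mydomain.com",
     "listener_cert_names": ["*.mydomain.com"],    # two labels below the wildcard
     "server_cert_names": ["int.user.mydomain.com"]},
]

if __name__ == "__main__":
    for name, listener_ok, backend_ok in audit_rules(RULES):
        print(f"{name:24} listener={'ok' if listener_ok else 'MISMATCH'} "
              f"backend={'ok' if backend_ok else 'MISMATCH'}")
```

A backend mismatch corresponds to the wildcard-on-internal-server case that produces the 500 error discussed above; a listener mismatch is what an external client would flag as a certificate name warning.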