Discussion of using a Wildcard Certificate in ISA2004 article (Full Version)



tshinder -> Discussion of using a Wildcard Certificate in ISA2004 article (1.Feb.2004 8:34:00 PM)

This thread is for discussing the Using a wildcard certificate in ISA2004 article at http://isaserver.org/tutorials/2004wildcardcert.html.

Thanks!
Tom

[ February 01, 2004, 08:43 PM: Message edited by: tshinder ]




jide -> RE: Discussion of using a Wildcard Certificate in ISA2004 article (1.Feb.2004 10:49:00 PM)

Hi Tom,

Good and informative information as always. But can you do the same thing on ISA 2000 or is this only possible with ISA2004?

Thanks.

Jide




tshinder -> RE: Discussion of using a Wildcard Certificate in ISA2004 article (1.Feb.2004 10:54:00 PM)

Hi Jide,

Works great in ISA2000 too.

HTH,
Tom




willabr -> RE: Discussion of using a Wildcard Certificate in ISA2004 article (2.Feb.2004 3:59:00 AM)

Publishing Multiple Web Sites:

When I get to adding the second site (www) I do not have the "Create a new certificate" selection. I would have to remove the current certificate (owa) before I can create a new one. Is this correct or have I done something out of order?

Thanks




tshinder -> RE: Discussion of using a Wildcard Certificate in ISA2004 article (2.Feb.2004 5:04:00 AM)

Hi Bruce,

The second site, which listens for "www.domain.com", is on a *different* Web server, not the same one as the OWA site. Check out the sample lab config to see that there are two Web servers in use. You can accomplish a similar thing with one Web server if you've created two virtual Web servers.

HTH,
Tom




andifur -> RE: Discussion of using a Wildcard Certificate in ISA2004 article (2.Feb.2004 3:40:00 PM)

This is great, but for audit reasons, we are not allowed to publish SSL sites with home grown certs.
Do you know if VeriSign or Thawte allow the creation of wildcard certs?

[ February 02, 2004, 03:40 PM: Message edited by: andifur ]




tshinder -> RE: Discussion of using a Wildcard Certificate in ISA2004 article (2.Feb.2004 3:44:00 PM)

Hi Anthony,

Possibly. I know of less well-known public cert providers that do this, but the big boys probably would require an arm and a leg, since you pay per cert.

Tom




Linke Loe -> RE: Discussion of using a Wildcard Certificate in ISA2004 article (2.Feb.2004 9:54:00 PM)

Hi Tom. I guess this would also work when you only have to publish the OWA-site?

For me it didn't. I followed all steps in your article except those for the second website. When I try to access my OWA-site I get the error message: 403 - Forbidden. The server denies the specified URL.

Thanks for the article though. Great work.




Linke Loe -> RE: Discussion of using a Wildcard Certificate in ISA2004 article (2.Feb.2004 11:30:00 PM)

I've taken a closer look at what happens. I've monitored and logged my requests for my OWA-site and saw that every request I made was denied by the default firewall rule, which denies all traffic. This means that the firewall policy skips the firewall rule created by the web publishing wizard.

When I took a closer look at the firewall rule for the OWA publishing, I saw that the protocols allowed are HTTP and HTTPS, not 'HTTPS Server'. Could this be the problem?




Linke Loe -> RE: Discussion of using a Wildcard Certificate in ISA2004 article (4.Feb.2004 3:56:00 PM)

I've run the article over again and suddenly, the publishing worked...




tshinder -> RE: Discussion of using a Wildcard Certificate in ISA2004 article (9.Feb.2004 11:17:00 AM)

Hi Linke,

That's how it usually works for me [Smile]

Good to hear you got it working and thanks for the follow up!

Tom




i-have -> RE: Discussion of using a Wildcard Certificate in ISA2004 article (25.Feb.2004 7:28:00 PM)

I have the following question about publishing the OWA site on a different name than the internal domain name.
I followed the tutorial with a different name than the domain.
From the internet everything is working okay. But from the inside (firewall clients) I get an error:

The page cannot be displayed

I added the different name to my DNS server as a lookup zone and added the Exchange server to it. Now it only works when I turn off the firewall client.

Is there another way of doing this?

Already thanks!

i-have




gatorz -> RE: Discussion of using a Wildcard Certificate in ISA2004 article (28.Feb.2004 3:20:00 AM)

When I go to select the cert in the new Web listener, it tells me there are no certificates configured on this server.
I have verified that the certificate is installed per the article.

Any ideas?








JamesD -> RE: Discussion of using a Wildcard Certificate in ISA2004 article (19.Apr.2004 5:51:00 PM)

Just a warning regarding Wildcard certificates... the successful validation (client-side) of SSL certificates is application dependent.

For example, using your PocketPC to browse a web site protected by a wildcard SSL certificate works fine..... however, if you publish Server ActiveSync using a wildcard SSL certificate, the client-side ActiveSync application will refuse to validate the server's certificate (unless certificate validation is disabled).

This has been confirmed as expected behaviour by Microsoft PSS.

So just beware, and double-check any non-browser apps before you shell out!

Cheers,
James.




paulbaldwin -> RE: Discussion of using a Wildcard Certificate in ISA2004 article (19.Apr.2004 7:33:00 PM)

Hi James,

You've got me there.

I've been using a wildcard certificate for OWA, OMA, RPC over HTTP, Sharepoint and Exchange ActiveSync! I used both SmartPhones and iPaqs running PocketPC 2002 (and 2003 I think).

What have Microsoft PSS been telling you?




tshinder -> RE: Discussion of using a Wildcard Certificate in ISA2004 article (19.Apr.2004 8:25:00 PM)

Hey guys,

Paul is THE MAN when it comes to ISA and Smart Phone deployment. When he says it works, it DOES.

HTH,
Tom




paulbaldwin -> RE: Discussion of using a Wildcard Certificate in ISA2004 article (20.Apr.2004 11:22:00 AM)

Hi All,

Why do I feel like I'm hanging by a thread over an abyss when Tom says something like that?

James is pretty well correct! [Embarrassed]

In my post I said "2003 I think" because I had no-one running it at the time -- but I had to check and:

Windows Mobile 2003 does not support wildcard certificates! Both ActiveSync and Pocket IE will complain about the common-name on the certificate not matching the site name.

Yet PPC2002 works fine.

Drat; caught with my trousers down... again!
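
The behaviour difference reported in the posts above, as an added example that is not part of the original thread: one client compares the certificate name with the site name literally, another accepts a wildcard in the leftmost label. The function names, the sample hosts and the matching rules (modelled on common RFC 6125 style wildcard handling) are assumptions for illustration, not the logic of any Microsoft client.

```python
# Added illustration. All names here are hypothetical; the hosts are constructed.

def exact_cn_match(cert_name: str, host: str) -> bool:
    """Strict client: the certificate name must equal the site name literally."""
    return cert_name.lower().rstrip(".") == host.lower().rstrip(".")


def wildcard_match(cert_name: str, host: str) -> bool:
    """Wildcard-aware client: '*' is honoured only as the whole leftmost
    label and stands for exactly one label of the host name."""
    pattern = cert_name.lower().rstrip(".").split(".")
    labels = host.lower().rstrip(".").split(".")
    if len(pattern) != len(labels) or "" in labels:
        return False              # '*' never spans zero or several labels
    if pattern[0] != "*":
        return pattern == labels  # no wildcard, or a partial one: literal compare
    if len(pattern) < 3 or "*" in "".join(pattern[1:]):
        return False              # refuse over-broad names such as '*.com'
    return pattern[1:] == labels[1:]


def compare_clients(cert_name: str, hosts: list) -> dict:
    """Show, per host, what each style of client would decide."""
    return {
        h: {"strict": exact_cn_match(cert_name, h),
            "wildcard_aware": wildcard_match(cert_name, h)}
        for h in hosts
    }


# Constructed sample hosts for a certificate issued to '*.domain.com'.
SAMPLE_HOSTS = ["owa.domain.com", "www.domain.com",
                "domain.com", "mail.owa.domain.com"]

if __name__ == "__main__":
    for host, verdict in compare_clients("*.domain.com", SAMPLE_HOSTS).items():
        print(f"{host:22} {verdict}")
```

The strict column is false for every published host, which is the name-mismatch complaint described above; the bare domain and the two-level subdomain fail in both columns, so they need their own certificate or an additional name even on wildcard-aware clients.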




tshinder -> RE: Discussion of using a Wildcard Certificate in ISA2004 article (20.Apr.2004 11:40:00 AM)

Hi Paul,

LOL! Been there myself a few times [Wink]

Keep up the good work!

Tom




Guest -> RE: Discussion of using a Wildcard Certificate in ISA2004 article (23.Apr.2004 2:03:00 AM)

I am having the same problem as gatorz posted. Any ideas?

Thanks!

---------------------------------

>gatorz
>posted February 28, 2004 03:20 AM
>--------------------------------
> When I go to select the cert in the new Web listener, it tells me there are no certificates configured on this server
> I have verified that the certificate is installed per the article
>
> any ideas



