I did find the helpful but I have fun into a problem. I configured everything similar as your walk-through with one exception: on the Web Publish Rule I didn't check "require secure channel (SSL) for published site" or "require 128-bit encryption". We want to give users warning that we are switching to https vs http and give them time to update their bookmarks before we force them to https. Here is my problem. I can't reach the https URL. I can reach the OWA server directly from inside ISA via SSL and the http URL is still working (inside and out). Aside from the restart of the web proxy service while configuring the Incomming Web Requests, is there a need to restart the services at the end of the process? Where else could I have gone wrong? Thanks, - Matt Matthew Bailey LAN Engineer CSK Auto, Inc. Voice: 602.631.7486 Fax: 602.294.7486 -----Original Message----- From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx] Sent: Tuesday, August 05, 2003 4:03 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: OWA, SSL, and ISA http://www.ISAserver.org Hi Matt, No problem! :-) If you find the articles helpful, let us know. If there's something missing, let me know and I'll fix them up. Thanks! Tom Thomas W Shinder www.isaserver.org/shinder ISA Server and Beyond: http://tinyurl.com/1jq1 Configuring ISA Server: http://tinyurl.com/1llp -----Original Message----- From: Bailey, Matthew [mailto:MBailey@xxxxxxxxxxx] Sent: Tuesday, August 05, 2003 5:17 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: OWA, SSL, and ISA http://www.ISAserver.org I thought to check the isaserver.org site after posting my question *doh*. I haven't had time to read the "lackluster" series of articles but I will. It appears that is the best way for me to proceed at this point. Thanks, - Matt Matthew Bailey LAN Engineer CSK Auto, Inc. Voice: 602.631.7486 Fax: 602.294.7486 -----Original Message----- From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx] Sent: Tuesday, August 05, 2003 3:07 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: OWA, SSL, and ISA http://www.ISAserver.org Hi Matt, The problem with Server Publishing is you lose a LOT of security. You can use the RRAS port forwarding mechanism and get the same level of functionality. Notice I say level of functionality, since Server Publishing won't add any ISA Server firewall based security at all. If you want to get your money's worth, you'll use Web Publishing and SSL to SSL bridging, as described in some lackluster series of articles someone wrote on Publishing OWA recently ;-) The KB 307347 is a non issue. Just install Feature Pack 1, or create the Registry entry. And if you do SSL to SSL bridging (like you should) its not an issue at all, because SSL to SSL bridging solves the problem completely without requiring the registry fix. HTH, Tom Thomas W Shinder www.isaserver.org/shinder ISA Server and Beyond: http://tinyurl.com/1jq1 Configuring ISA Server: http://tinyurl.com/1llp -----Original Message----- From: Bailey, Matthew [mailto:MBailey@xxxxxxxxxxx] Sent: Tuesday, August 05, 2003 4:16 PM To: [ISAserver.org Discussion List] Subject: [isalist] OWA, SSL, and ISA http://www.ISAserver.org I have my OWA server published through ISA using KB Article 290113. We are now adding a SSL Cert to the server and want to publish it through ISA. It appears there are 2 methods for doing it: 1. Export the SSL Cert to ISA 2. Use a server publising to publish the SSL website It appears the that Option 1 has a few issues with it namely KB 307347 and increased overhead. I am leaning towards using a server publishing rule to do this but I have a concern. I want to continue to use http while I test the https connections and it will take some time for all my users to convert over to using https. How will setting up the server publish described in KB 298900 effect the current web publishing of the same site on port 80? Can they live in harmony? Links for the articles mentioned above: http://support.microsoft.com/default.aspx?scid=kb;EN-US;298900 http://support.microsoft.com/default.aspx?scid=kb;en-us;307347 Thanks, - Matt Matthew Bailey LAN Engineer CSK Auto, Inc. Voice: 602.631.7486 Fax: 602.294.7486 ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: mbailey@xxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: mbailey@xxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')