http://www.ISAserver.org ------------------------------------------------------- CIL... -----Original Message----- From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Andrew Hodgson Sent: Monday, December 29, 2008 7:22 AM To: isalist Subject: [isalist] ISA server 2006 and certificates http://www.ISAserver.org ------------------------------------------------------- Hi all, Hope everyone had a good Christmas etc. In a few days (the IT Idiot's Christmas holiday :(), I will be rebuilding our ISA 2006 server and setting up with 2 network adapters. The first network adapter will be in our internal network, and the second will be on the DMZ with a public IP address. The purpose of this is to allow me to continue to provide web proxy facilities to our users, but also to publish some servers as follows: - OWA (HTTPS) [Jim] - understood why. As to the question of whether to use the same cert internally and externally; this depends on the cert licensing. - LDAPS (from our Active Directory) [Jim] - for what, exactly? - POP3S (from Exchange) [Jim] - there is no ISA certificate involved here As I need to use certificates for all of these, will I need to get certificates for the internal servers that I am publishing, or can I use self signed certificates? If the later, will I need to trust the certificates on the ISA server anywhere? [Jim] I realize self-signed certs are cheap, but they're a bigger pain then they are a benefit, since you have to re-trust them each time they're issued. Not so with "real" certificates. Also, I was planning to get one certificate for use with the ISA server, and apply that cert to multiple ports (eg HTTPS/POP3S), they will be known by the same name externally. [Jim] - as noted above, there is no need to worry about an ISA certificate for POP3S publishing. Thanks. Andrew. -- allpay.net Limited, Fortis et Fides, Whitestone Business Park, Whitestone, Hereford, HR1 3SE. Registered in England No. 02933191. UK VAT Reg. No. 666 9148 88. Telephone: 0870 243 3434, Fax: 0870 243 6041. Website: www.allpay.net Email: enquiries@xxxxxxxxxx This email, and any files transmitted with it, is confidential and intended solely for the use of the individual or entity to whom it is addressed. If you have received this email in error please notify the allpay.net Information Security Manager at the number above. ------------------------------------------------------ List Archives: //www.freelists.org/archives/isalist/ ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ ISA Server Blogs: http://blogs.isaserver.org/ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ To unsubscribe visit http://www.isaserver.org/pages/isalist.asp Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: //www.freelists.org/archives/isalist/ ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ ISA Server Blogs: http://blogs.isaserver.org/ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ To unsubscribe visit http://www.isaserver.org/pages/isalist.asp Report abuse to listadmin@xxxxxxxxxxxxx