[isalist] Re: ISA server 2006 and certificates

  • From: Jim Harrison <Jim@xxxxxxxxxxxx>
  • To: "isalist@xxxxxxxxxxxxx" <isalist@xxxxxxxxxxxxx>
  • Date: Mon, 29 Dec 2008 21:55:02 -0800

http://www.ISAserver.org
-------------------------------------------------------

CIL...

-----Original Message-----
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On 
Behalf Of Andrew Hodgson
Sent: Monday, December 29, 2008 7:22 AM
To: isalist
Subject: [isalist] ISA server 2006 and certificates

Hi all,

Hope everyone had a good Christmas etc.

In a few days (the IT Idiot's Christmas holiday :(), I will be 
rebuilding our ISA 2006 server and setting up with 2 network adapters.

The first network adapter will be in our internal network, and the 
second will be on the DMZ with a public IP address.

The purpose of this is to allow me to continue to provide web proxy 
facilities to our users, but also to publish some servers as follows:

- OWA (HTTPS)
[Jim] - understood why.  As to the question of whether to use the same cert 
internally and externally; this depends on the cert licensing.
- LDAPS (from our Active Directory)
[Jim] - for what, exactly?
- POP3S (from Exchange)
[Jim] - there is no ISA certificate involved here

As I need to use certificates for all of these, will I need to get 
certificates for the internal servers that I am publishing, or can I use 
self signed certificates?  If the latter, will I need to trust the 
certificates on the ISA server anywhere?
[Jim] I realize self-signed certs are cheap, but they're a bigger pain than 
they are a benefit, since you have to re-trust them each time they're issued.  
Not so with "real" certificates.

Also, I was planning to get one certificate for use with the ISA server, 
and apply that cert to multiple ports (eg HTTPS/POP3S), they will be 
known by the same name externally.
[Jim] - as noted above, there is no need to worry about an ISA certificate for 
POP3S publishing.

Thanks.
Andrew.
--
allpay.net Limited, Fortis et Fides, Whitestone Business Park, Whitestone, 
Hereford, HR1 3SE.
Registered in England No. 02933191. UK VAT Reg. No. 666 9148 88.

Telephone: 0870 243 3434, Fax: 0870 243 6041. 
Website: www.allpay.net
Email: enquiries@xxxxxxxxxx 


------------------------------------------------------
List Archives: //www.freelists.org/archives/isalist/  
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp 
ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ 
ISA Server Blogs: http://blogs.isaserver.org/ 
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com 
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp 
Report abuse to listadmin@xxxxxxxxxxxxx 

