The way I have it setup in my Beta testing is that I have a Front-end server sitting in front of my ISA box with a Certificate and then I publish it through ISA to my backend server. Seems to work okay. -----Original Message----- From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx] Sent: Tuesday, June 24, 2003 11:19 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: OT SSL http://www.ISAserver.org Hi Mark, Because Verisign sells the certs and they say you need to pay for a cert for each machine. However, if the question is whether you need two SSL certs to make the FE/BE config work, I'm pretty sure you don't. Just install the single cert on the ISA firewall and bind it to the listener. HTH, Tom Thomas W Shinder <http://www.isaserver.org/shinder> www.isaserver.org/shinder ISA Server and Beyond: http://tinyurl.com/1jq1 Configuring ISA Server: <http://tinyurl.com/1llp> http://tinyurl.com/1llp -----Original Message----- From: Kingery, Mark [mailto:Mark.Kingery@xxxxxxxxxxxxxx] Sent: Tuesday, June 24, 2003 11:12 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: OT SSL http://www.ISAserver.org Just curious why is two needed? -----Original Message----- From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx] Sent: Tuesday, June 24, 2003 11:05 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: OT SSL http://www.ISAserver.org Hi Winston, Unfortuatnely, that is correct. If you have Administrative control over the clients, you might consider using your own certificate server. This also discourages users from using Kiosks and other unsecure sites from connecting to OWA. I never allow connections from completely unmanaged and untrusted computers, so if you have that option, you might consider it. HTH, Tom Thomas W Shinder <http://www.isaserver.org/shinder> www.isaserver.org/shinder ISA Server and Beyond: http://tinyurl.com/1jq1 Configuring ISA Server: <http://tinyurl.com/1llp> http://tinyurl.com/1llp ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: mark.kingery@xxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')