OK Tom, I agree this article was wrong. I do not want to use client certificates. But anyway, my problem is not solved! I want to secure publish a web site using web publishing rules. If I understand things correct, there is no way to just TUNNEL the incoming ssl request to the internal web server. With web publishing its only possible to BRIDGE the ssl request either as HTTP or SSL (establishing a new ssl connection to internal web server)... Correct? However, to terminate the incoming ssl request at the ISA server it needs a SERVER certificate. I imported a X.509 certificate (exported from the internal web server running iis 4.0) to the local machine in the folder "personal"... After restarting the services and even rebooting the machine it is not posible for me to set up an incoming web request listener to use this imported certificate. I just get the error "there are no certificates configured on this server"... I already read your "Questions of the week" http://www.isaserver.org/tutorials/Tom_Shinders_ISA_Server_Questions_of_the_ Week__August_5_2002.html <http://www.isaserver.org/tutorials/Tom_Shinders_ISA_Server_Questions_of_the _Week__August_5_2002.html> issue which covers this problem. But even changing the certificate properties to "Enable only the following purpose (Server authentication)" did not solve my problem... I followed each step exactly as mentioned in your first book. Maybe you have another idea? Greets. Christian -----Ursprüngliche Nachricht----- Von: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx] Gesendet: Montag, 19. Mai 2003 17:12 An: [ISAserver.org Discussion List] Betreff: [isalist] RE: Secure Publishing beginner questions http://www.ISAserver.org Hi Christian, Be very clear that this article explains what's required when the Web site on the internal network request client certificate AUTHENTICATION. Make sense? Its NOT required to create an SSL link for SSL to SSL bridging. HTH, Tom Thomas W Shinder <http://www.isaserver.org/shinder> www.isaserver.org/shinder ISA Server and Beyond: http://tinyurl.com/1jq1 <http://tinyurl.com/1jq1> Configuring ISA Server: <http://tinyurl.com/1llp> http://tinyurl.com/1llp -----Original Message----- From: Christian.Schramm@xxxxxxxxxxxxxx [mailto:Christian.Schramm@xxxxxxxxxxxxxx] Sent: Monday, May 19, 2003 10:04 AM To: [ISAserver.org Discussion List] Subject: [isalist] Secure Publishing beginner questions http://www.ISAserver.org First, I found an answer to my first question (it is only possible with server publishing)... To the second point: in the meatime I found an article ( <http://support.microsoft.com/support/kb/articles/Q281/1/06.ASP> http://support.microsoft.com/support/kb/articles/Q281/1/06.ASP) explaining that the certificate should be imported under service account (and selecting "Microsoft Web Proxy Service")... Anyway, same error occurs even after restarting the server ;-(( Does nobody has a comment on this one?? Greets Christian -----Ursprüngliche Nachricht----- Von: Christian.Schramm@xxxxxxxxxxxxxx [mailto:Christian.Schramm@xxxxxxxxxxxxxx] Gesendet: Montag, 19. Mai 2003 14:42 An: [ISAserver.org Discussion List] Betreff: [isalist] Secure Publishing beginner questions http://www.ISAserver.org Hi all... 1. Is it possible to pipe ssl requests through isa to the internal web server without installing a certificate on isa itself? Only possible with server publishing? 2. I have problems installing a certificate exported from iis 4.0 on the isa server computer. The certificates-mmc shows up the certificate in "Personal \Certificates". The certificate was installed using "Local machine". I also reconfigured the certificate properties to "Only Enable the follwing purposes (Server authentication)"... However, when I want to set the incoming web request listener to use a certificate it says "there are no certificates configured on this server"... I restarted ISA management and the whole computer but no change... Anyone has some other tips?? Greets, Christian ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Exchange Server Resource Site: http://www.msexchange.org/ Windows Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: christian.schramm@xxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')