RE: Secure Publishing beginner questions

  • From: "Thomas W Shinder" <tshinder@xxxxxxxxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Mon, 19 May 2003 11:03:42 -0500

Hi Christian,
 
Try exporting the certificate again. Make sure that the private key is exported 
and do not select the "high security" option (or something like that, I don't 
recall the exact meaning). Make sure you import it into the MACHINE'S PERSONAL 
certificate store.
 
HTH,
Tom
 
Thomas W Shinder
www.isaserver.org/shinder
ISA Server and Beyond: http://tinyurl.com/1jq1
Configuring ISA Server: http://tinyurl.com/1llp

 

        -----Original Message-----
        From: Christian.Schramm@xxxxxxxxxxxxxx [mailto:Christian.Schramm@xxxxxxxxxxxxxx]
        Sent: Monday, May 19, 2003 10:46 AM
        To: [ISAserver.org Discussion List]
        Subject: [isalist] RE: Secure Publishing beginner questions
        
        
        http://www.ISAserver.org
        
        
        OK Tom,
         
        I agree this article was wrong. I do not want to use client
        certificates.

        But anyway, my problem is not solved!

        I want to securely publish a web site using web publishing rules. If I
        understand things correctly, there is no way to just TUNNEL the incoming
        SSL request to the internal web server. With web publishing it's only
        possible to BRIDGE the SSL request either as HTTP or SSL (establishing a
        new SSL connection to internal web server)... Correct?

        However, to terminate the incoming SSL request at the ISA server it
        needs a SERVER certificate. I imported an X.509 certificate (exported
        from the internal web server running IIS 4.0) to the local machine in
        the folder "personal"... After restarting the services and even
        rebooting the machine it is not possible for me to set up an incoming
        web request listener to use this imported certificate. I just get the
        error "there are no certificates configured on this server"... I already
        read your "Questions of the week"
        http://www.isaserver.org/tutorials/Tom_Shinders_ISA_Server_Questions_of_the_Week__August_5_2002.html
        issue which covers this problem. But even changing the certificate
        properties to "Enable only the following purpose (Server
        authentication)" did not solve my problem...

        I followed each step exactly as mentioned in your first book. Maybe you
        have another idea?
         
        Greets.
         
        Christian
         
         

                -----Original Message-----
                From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx]
                Sent: Monday, 19 May 2003 17:12
                To: [ISAserver.org Discussion List]
                Subject: [isalist] RE: Secure Publishing beginner questions
                
                
                
                
                Hi Christian,
                 
                Be very clear that this article explains what's required when
                the Web site on the internal network requests client certificate
                AUTHENTICATION. Make sense? It's NOT required to create an SSL
                link for SSL to SSL bridging.
                 
                HTH,
                Tom
                 
                
                 

                        -----Original Message-----
                        From: Christian.Schramm@xxxxxxxxxxxxxx [mailto:Christian.Schramm@xxxxxxxxxxxxxx]
                        Sent: Monday, May 19, 2003 10:04 AM
                        To: [ISAserver.org Discussion List]
                        Subject: [isalist] Secure Publishing beginner questions
                        
                        
                        
                        
                        First, I found an answer to my first question (it is
                        only possible with server publishing)...

                        To the second point: in the meantime I found an article
                        (http://support.microsoft.com/support/kb/articles/Q281/1/06.ASP)
                        explaining that the certificate should be imported under
                        service account (and selecting "Microsoft Web Proxy
                        Service")... Anyway, same error occurs even after
                        restarting the server ;-((

                        Does nobody have a comment on this one??
                         
                         
                        Greets
                        Christian
                         

                                -----Original Message-----
                                From: Christian.Schramm@xxxxxxxxxxxxxx [mailto:Christian.Schramm@xxxxxxxxxxxxxx]
                                Sent: Monday, 19 May 2003 14:42
                                To: [ISAserver.org Discussion List]
                                Subject: [isalist] Secure Publishing beginner questions
                                
                                
                                
                                

                                Hi all... 

                                1. Is it possible to pipe SSL requests through
                                ISA to the internal web server without
                                installing a certificate on ISA itself? Only
                                possible with server publishing?

                                2. I have problems installing a certificate
                                exported from IIS 4.0 on the ISA server
                                computer. The certificates-mmc shows up the
                                certificate in "Personal\Certificates". The
                                certificate was installed using "Local machine".
                                I also reconfigured the certificate properties
                                to "Only Enable the following purposes (Server
                                authentication)"... However, when I want to set
                                the incoming web request listener to use a
                                certificate it says "there are no certificates
                                configured on this server"... I restarted ISA
                                management and the whole computer but no
                                change... Anyone has some other tips??

                                Greets, 

                                Christian

                ------------------------------------------------------
                List Archives: 
http://www.webelists.com/cgi/lyris.pl?enter=isalist
                ISA Server Newsletter: 
http://www.isaserver.org/pages/newsletter.asp
                ISA Server FAQ: 
http://www.isaserver.org/pages/larticle.asp?type=FAQ
                ------------------------------------------------------
                Exchange Server Resource Site: http://www.msexchange.org/
                Windows Security Resource Site: http://www.windowsecurity.com/
                Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
                ------------------------------------------------------
                You are currently subscribed to this ISAserver.org Discussion 
List as: christian.schramm@xxxxxxxxxxxxxx
                To unsubscribe send a blank email to $subst('Email.Unsub') 
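
The advice at the top of this thread (export with the private key, import into the machine's Personal store) can be checked with the following added example, which is not part of the original messages. It assumes Windows PowerShell 3.0 or later, which postdates this thread; the function name `Test-ListenerCertificate` is hypothetical, and only the certificate's own EKU extension is inspected, not purposes set through the certificate properties dialog.

```powershell
# Added example: audit the local machine's Personal store (Cert:\LocalMachine\My)
# for certificates that a TLS listener could actually use.
$serverAuthOid = '1.3.6.1.5.5.7.3.1'   # Server Authentication EKU
$now = Get-Date

# Hypothetical helper name; returns one report object per certificate.
function Test-ListenerCertificate {
    param(
        [Parameter(Mandatory)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate
    )

    $problems = @()

    # An import without the private key leaves HasPrivateKey false, even
    # though the certificate is visible in the Certificates MMC.
    if (-not $Certificate.HasPrivateKey) {
        $problems += 'no private key in the store'
    }

    # An EKU extension, when present, must list Server Authentication.
    # A certificate with no EKU extension is not restricted by purpose.
    $eku = $Certificate.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
    }
    if ($eku -and -not ($eku.EnhancedKeyUsages | Where-Object { $_.Value -eq $serverAuthOid })) {
        $problems += 'EKU does not include Server Authentication'
    }

    if ($now -lt $Certificate.NotBefore -or $now -gt $Certificate.NotAfter) {
        $problems += 'outside validity period'
    }

    [pscustomobject]@{
        Subject    = $Certificate.Subject
        Thumbprint = $Certificate.Thumbprint
        Usable     = ($problems.Count -eq 0)
        Problems   = ($problems -join '; ')
    }
}

Get-ChildItem -Path Cert:\LocalMachine\My |
    ForEach-Object { Test-ListenerCertificate -Certificate $_ } |
    Format-Table -AutoSize -Wrap
```

A certificate that appears under Personal\Certificates but reports "no private key in the store" matches the symptom described in the thread.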
