RE: Wildcard Certificate question

• From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
• To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
• Date: Fri, 1 Jul 2005 09:25:19 -0500

Hi Bill,

Try this:

Open and close the ISA console

Make sure the private key is included with the wildcard cert

HTH,

Tom
www.isaserver.org/shinder
Tom and Deb Shinder's Configuring ISA Server 2004
http://tinyurl.com/3xqb7
MVP -- ISA Firewalls

 

> -----Original Message-----
> From: Bill Mayo [mailto:bemayo@xxxxxxxxxxxxx] 
> Sent: Friday, July 01, 2005 8:12 AM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: Wildcard Certificate question
> 
> http://www.ISAserver.org
> 
> A1 - Trying to select under "Incoming Web Requests" tab in 
> the listener
> list (under the radio buttons).  I am trying to edit the 
> existing listener
> and then the select box labeled "Use a server certificate to 
> authenticate
> the web clients".  FWIW, I also tried adding a new one and 
> changing it to
> be the same listener for all IP addresses, but neither of those places
> showed it as an option either.
> 
> A2 - I created the certificate on the new web server.  I then 
> exported it
> to file, copied the file to the ISA Server and imported it into the
> Personal certificates.  (It does show up there.)
> 
> > ..probably did something wrong.
> > Q1 - where are you trying to select the certificate?
> > Q2 - where (exactly) did you install said certificate?
> > 
> > -----Original Message-----
> > From: Bill Mayo [mailto:bemayo@xxxxxxxxxxxxx] 
> > Sent: Thursday, June 30, 2005 8:33 PM
> > To: [ISAserver.org Discussion List]
> > Subject: [isalist] RE: Wildcard Certificate question
> > 
> > http://www.ISAserver.org
> > 
> > I tried doing this, but the ISA Server does not show the wildcard
> > certificate as a choice.  Does this not work in ISA Server 
> 2000, or am I
> > doing something wrong?
> > 
> > Bill Mayo
> > Pitt County MIS
> > 
> > > Essentially, you're correct, with one caveat:
> > > - you cannot use the wildcard cert on the web server itself - ISA
> > > doesn't recognize them.
> > > 
> > > -------------------------------------------------------
> > >    Jim Harrison
> > >    MCP(NT4, W2K), A+, Network+, PCG
> > >    http://isaserver.org/Jim_Harrison/
> > >    http://isatools.org
> > >    Read the help / books / articles!
> > > -------------------------------------------------------
> > >  
> > > -----Original Message-----
> > > From: Bill Mayo [mailto:bemayo@xxxxxxxxxxxxx] 
> > > Sent: Thursday, June 30, 2005 07:48
> > > To: [ISAserver.org Discussion List]
> > > Subject: [isalist] Wildcard Certificate question
> > > 
> > > http://www.ISAserver.org
> > > 
> > > Currently, I have our OWA site published through ISA 
> Server.  It was
> > set
> > > up using Dr. Shinder's excellent "Publishing Exchange 
> 2003 OWA with
> > ISA
> > > Server 2000" document.  I now have a need to add a second secured
> > site,
> > > and ran into a problem because the listener can only have one
> > > certificate.
> > > 
> > > I did some research and found the "Publishing Multiple 
> Web Sites using
> > a
> > > Wildcard Certificate in ISA Server 2004".  I have ISA 
> Server 2000, but
> > > it
> > > sounds like this should work with that version as well.
> > > 
> > > The article seems to be written from the perspective of a new
> > > installation.  Having setup 1 secured site (as indicated 
> above), I am
> > > wondering if all the steps are required.  Basically, is 
> it accurate to
> > > say
> > > that if I create a wildcard certificate on a different 
> server and set
> > my
> > > web listener to use it, there is no reason to disturb the 
> current OWA
> > > settings?  I am thinking that I can perform that 
> particular process
> > with
> > > the new server, change the certificate on the listener, 
> and then just
> > > add
> > > the new site.  Is this accurate?  I am a little wary about adding,
> > > removing, and re-adding certificates to that particular server,
> > > especially
> > > with the detailed instructions being for ISA 2004.
> > > 
> > > Thanks in advance (particular to Dr. Shinder for his excellent
> > > articles),
> > > Bill Mayo
> > > Pitt County MIS
> > 
> > ------------------------------------------------------
> > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > ------------------------------------------------------
> > Other Internet Software Marketing Sites:
> > World of Windows Networking: http://www.windowsnetworking.com
> > Leading Network Software Directory: http://www.serverfiles.com
> > No.1 Exchange Server Resource Site: http://www.msexchange.org
> > Windows Security Resource Site: http://www.windowsecurity.com/
> > Network Security Library: http://www.secinf.net/
> > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> > ------------------------------------------------------
> > You are currently subscribed to this ISAserver.org 
> Discussion List as:
> > jim@xxxxxxxxxxxx
> > To unsubscribe visit 
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > Report abuse to listadmin@xxxxxxxxxxxxx
> > 
> > All mail to and from this domain is GFI-scanned.
> 
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Other Internet Software Marketing Sites:
> World of Windows Networking: http://www.windowsnetworking.com
> Leading Network Software Directory: http://www.serverfiles.com
> No.1 Exchange Server Resource Site: http://www.msexchange.org
> Windows Security Resource Site: http://www.windowsecurity.com/
> Network Security Library: http://www.secinf.net/
> Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion 
> List as: tshinder@xxxxxxxxxxxxxxxxxx
> To unsubscribe visit 
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
> 
> 

Other related posts:

• » Wildcard Certificate question
• » RE: Wildcard Certificate question
• » RE: Wildcard Certificate question
• » RE: Wildcard Certificate question
• » RE: Wildcard Certificate question
• » RE: Wildcard Certificate question
• » RE: Wildcard Certificate question
• » RE: Wildcard Certificate question
• » RE: Wildcard Certificate question
• » RE: Wildcard Certificate question
• » RE: Wildcard Certificate question
• » RE: Wildcard Certificate question

1. Home
2. isalist
3. Archive
4. 07-2005

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---