Thanks Jim. ----- Original Message ---- From: Jim Harrison <Jim@xxxxxxxxxxxx> To: isalist@xxxxxxxxxxxxx Sent: Tuesday, 31 July, 2007 9:43:45 AM Subject: [isalist] Re: wildcard cert issue http://www.ISAserver.org ------------------------------------------------------- The problem isn't the rules, but the certificate. A wildcard certificate for *.domain.com will not validate when the client asks for domain.com. The users will get a "cert error" warning from their application (browser, whatever) stating that the certificate name doesn't match the hostname requested. -----Original Message----- From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Zoran Marjanovic Sent: Monday, July 30, 2007 3:15 PM To: isalist@xxxxxxxxxxxxx Subject: [isalist] Re: wildcard cert issue Thank you Gerald. I will go with redirection. So this cannot be done through local mappings on ISA? When I configure it and check the rule's mappings table, it shows exactly what I need, but simply does not apply to requests. Zoran ----- Original Message ---- From: Gerald G. Young <g.young@xxxxxxxx> To: isalist@xxxxxxxxxxxxx Sent: Monday, 30 July, 2007 11:57:31 PM Subject: [isalist] Re: wildcard cert issue On the IIS server, add a redirect to the working SSL URL in the default webpage that gets loaded. You may need to do some extra coding to get http://domain.com <http://domain.com/> to redirect to http://www.domain.com <http://www.domain.com/> and https://domain.com <https://domain.com/> to redirect to https://www.domain.com <https://www.domain.com/> but that would be the way I would work it. Examples of redirects using different code can be found at the following link: http://www.seocompany.ca/seo/url-redirect.html Cordially yours, Jerry G. Young II Application Engineer Platform Engineering and Architecture NTT America, an NTT Communications Company 22451 Shaw Rd. Sterling, VA 20166 Office: 571-434-1319 Fax: 703-333-6749 Email: g.young@xxxxxxxx <mailto:g.young@xxxxxxxx> From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Zoran Marjanovic Sent: Monday, July 30, 2007 5:19 AM To: isalist@xxxxxxxxxxxxx Subject: [isalist] wildcard cert issue Hi guys, I have a tricky situation her. (ISA 2006-array) Our client has a site with these URLs: http://www.domain.com <http://www.domain.com/> and https://www.domain.com <https://www.domain.com/> They use *.domain.com cert for https, and this works. Now they want their clients to access it over these URLs too: http://domain.com <http://domain.com/> and https://domain.com <https://domain.com/> http://domain <http://domain.com/> .com works, but if a user access it over https://domain.com <https://domain.com/> he/she gets the "cert error" notice. I tried to fix it using "user defined" translations under "local mappings" but no success. Any ideas? They do not want to buy another cert. L Thanks. Zoran ________________________________ Yahoo!7 Mail has just got even bigger and better with unlimited storage on all webmail accounts. Find out more <http://au.docs.yahoo.com/mail/unlimitedstorage.html> . ________________________________ Yahoo!7 Mail has just got even bigger and better with unlimited storage on all webmail accounts. Find out more <http://au.docs.yahoo.com/mail/unlimitedstorage.html> . All mail to and from this domain is GFI-scanned. ------------------------------------------------------ List Archives: //www.freelists.org/archives/isalist/ ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ ISA Server Blogs: http://blogs.isaserver.org/ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ To unsubscribe visit http://www.isaserver.org/pages/isalist.asp Report abuse to listadmin@xxxxxxxxxxxxx ____________________________________________________________________________________ Yahoo!7 Mail has just got even bigger and better with unlimited storage on all webmail accounts. http://au.docs.yahoo.com/mail/unlimitedstorage.html