[isalist] Re: wildcard cert issue

  • From: Zoran Marjanovic <zoka_it@xxxxxxxxxxxx>
  • To: isalist@xxxxxxxxxxxxx
  • Date: Mon, 30 Jul 2007 16:58:56 -0700 (PDT)

Thanks Jim. 


----- Original Message ----
From: Jim Harrison <Jim@xxxxxxxxxxxx>
To: isalist@xxxxxxxxxxxxx
Sent: Tuesday, 31 July, 2007 9:43:45 AM
Subject: [isalist] Re: wildcard cert issue


http://www.ISAserver.org
-------------------------------------------------------
  
The problem isn't the rules, but the certificate.
A wildcard certificate for *.domain.com will not validate when the
client asks for domain.com.
The users will get a "cert error" warning from their application
(browser, whatever) stating that the certificate name doesn't match the
hostname requested.

-----Original Message-----
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
On Behalf Of Zoran Marjanovic
Sent: Monday, July 30, 2007 3:15 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: wildcard cert issue

Thank you Gerald. I will go with redirection. 
So this cannot be done through local mappings on ISA?
When I configure it and check the rule's mappings table, it shows
exactly what I need, but simply does not apply to requests.

Zoran

----- Original Message ----
From: Gerald G. Young <g.young@xxxxxxxx>
To: isalist@xxxxxxxxxxxxx
Sent: Monday, 30 July, 2007 11:57:31 PM
Subject: [isalist] Re: wildcard cert issue



On the IIS server, add a redirect to the working SSL URL in the default
webpage that gets loaded.  You may need to do some extra coding to get
http://domain.com <http://domain.com/>  to redirect to
http://www.domain.com <http://www.domain.com/>  and https://domain.com
<https://domain.com/>  to redirect to https://www.domain.com
<https://www.domain.com/>  but that would be the way I would work it.



Examples of redirects using different code can be found at the following
link:



http://www.seocompany.ca/seo/url-redirect.html



Cordially yours,

Jerry G. Young II

Application Engineer

Platform Engineering and Architecture

NTT America, an NTT Communications Company



22451 Shaw Rd.

Sterling, VA 20166



Office: 571-434-1319

Fax: 703-333-6749

Email: g.young@xxxxxxxx <mailto:g.young@xxxxxxxx> 



From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
On Behalf Of Zoran Marjanovic
Sent: Monday, July 30, 2007 5:19 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] wildcard cert issue



Hi guys,



I have a tricky situation her. (ISA 2006-array)



Our client has a site with these URLs: http://www.domain.com
<http://www.domain.com/>  and https://www.domain.com
<https://www.domain.com/> 

They use *.domain.com cert for https, and this works.



Now they want their clients to access it over these URLs too:

http://domain.com <http://domain.com/>  and https://domain.com
<https://domain.com/>  



http://domain <http://domain.com/> .com works, but if a user access it
over https://domain.com <https://domain.com/>  he/she gets the "cert
error" notice.



I tried to fix it using "user defined" translations under "local
mappings" but no success.



Any ideas? They do not want to buy another cert. L  



Thanks.



Zoran





________________________________

Yahoo!7 Mail has just got even bigger and better with unlimited storage
on all webmail accounts. Find out more
<http://au.docs.yahoo.com/mail/unlimitedstorage.html> .



________________________________

Yahoo!7 Mail has just got even bigger and better with unlimited storage
on all webmail accounts. Find out more
<http://au.docs.yahoo.com/mail/unlimitedstorage.html> .

All mail to and from this domain is GFI-scanned.

------------------------------------------------------
List Archives: //www.freelists.org/archives/isalist/  
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp 
ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ 
ISA Server Blogs: http://blogs.isaserver.org/ 
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com 
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp 
Report abuse to listadmin@xxxxxxxxxxxxx


      
____________________________________________________________________________________
Yahoo!7 Mail has just got even bigger and better with unlimited storage on all 
webmail accounts. 
http://au.docs.yahoo.com/mail/unlimitedstorage.html

Other related posts: