Problem installing an SSL certificate on ISA server from local CA

Status
Not open for further replies.

lesj1968

Programmer
Sep 3, 2005
166
GB
Hi

I have an ISA server and 3 internal web servers. My plan is to enable secure SSL access to our network for outside staff. It is not for public use and as such I have not needed to purchase a commercial SSL certificate - instead I set up a local CA to issue the certificates. I have set up one of the three internal web servers as the local CA (certification authority). The internal web server acting as the local CA is called "dome.domain.com" (this will be the "common name"). This all worked fine. On the other two internal web servers I typed in the local CA IP address in the web browser followed by "/certsrv" and requested and installed SSL certificates on both machines with no problems at all. In IIS on each internal web server I had to go to Directory Security and click "Server Certificate". This took me through the final setup of the certificate on the two internal web servers, and on each I ensured the common name was set as "dome.domain.com".

My problem is I now need to install a certificate on the ISA machine. However, the ISA machine cannot access the internet due to its setup (the default gateway is left blank), and it also does not have IIS (which is also normal). As a result I cannot type in the local CA IP address in the web browser followed by "/certsrv" in order to request a certificate.

Am I correct in assuming I need to install a certificate on the ISA machine? I assume I do as all access from the outside comes directly through the ISA machine before reaching the internal network. And I assume I need HTTPS to HTTPS bridging to make it more secure and therefore need a certificate installed on the ISA machine AND the internal web server machines that are involved in outside access.

Please can anyone help me resolve this problem? Do I need to import a certificate somehow? If so would this not then remove the certificate from that machine that I am importing from?

Thank you very much for any help.

Les
 
Thank you for your reply. I have successfully imported a certificate from one of the internal web servers. Everything seems to work fine. However the only remaining problem I need to resolve is the fact that a message appears on the external client saying "The CA certificate is not trusted. To enable trust install this certificate in the Trusted Root Certification Authorities Store." I am going to see if I can find information on what this means. Would you know what I have to do to stop this message appearing - or is the message completely normal because we are using a local CA as opposed to a commercial CA?

One thing that is very important: is there any way for me to verify what level of security my certificates are, i.e. 128-bit etc.? Or are they all 128-bit?

Many thanks.

 
First, the message is normal because the CA is not public, it's only internal. You can add this CA on every client, but I don't think it's worth the time to do it. Your certificates are 128 if you use IIS6. If you want to confirm that, when the message appears click View Certificate and then, in Details, look for Public Key; it may say (RSA 1024 bits).

Hope it helps
coco10
 
Excellent, thank you. It is RSA 1024 - so therefore 128-bit.
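
The two checks raised in this thread (key size and session strength, and whether the issuing CA is trusted) can also be run from a client as a script. This is an added example, not part of any post above: a Windows PowerShell function with the hypothetical name `Get-TlsEndpointReport` that reports the certificate's public key size, the cipher negotiated for the session, and the chain trust status as separate fields. It assumes an RSA certificate and uses the thread's `dome.domain.com` as a sample host name.

```powershell
# Added example (not from the thread). Get-TlsEndpointReport is a hypothetical name.
function Get-TlsEndpointReport {
    param(
        [Parameter(Mandatory)] [string] $HostName,
        [int] $Port = 443
    )
    $tcp = New-Object System.Net.Sockets.TcpClient
    try {
        $tcp.Connect($HostName, $Port)
        # Inspection only: accept the certificate so that an untrusted local CA
        # does not abort the handshake. Trust is evaluated separately below and
        # no application data is sent over this connection.
        $accept = [System.Net.Security.RemoteCertificateValidationCallback] {
            param($sender, $certificate, $chain, $errors) $true
        }
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $accept)
        $ssl.AuthenticateAsClient($HostName)

        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        # Assumes an RSA key, as in the thread; $rsa is $null for other key types.
        $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPublicKey($cert)

        # Build the chain against this machine's certificate stores.
        $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
        $chain.ChainPolicy.RevocationMode = 'NoCheck'
        $trusted = $chain.Build($cert)

        [pscustomobject]@{
            Subject            = $cert.Subject
            Issuer             = $cert.Issuer
            PublicKeyAlgorithm = $cert.PublicKey.Oid.FriendlyName
            PublicKeyBits      = if ($rsa) { $rsa.KeySize } else { $null }
            Protocol           = $ssl.SslProtocol
            CipherAlgorithm    = $ssl.CipherAlgorithm
            CipherStrengthBits = $ssl.CipherStrength
            ChainTrusted       = $trusted
            ChainStatus        = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
        }
    }
    finally {
        if ($ssl) { $ssl.Dispose() }
        $tcp.Close()
    }
}

Get-TlsEndpointReport -HostName 'dome.domain.com'
```

On a client that does not have the local CA's certificate in its Trusted Root Certification Authorities store, `ChainTrusted` is `False` and `ChainStatus` names the reason, for example `UntrustedRoot`.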
 