How to install and use certificates for SSL connections in ISA Server 2006, ISA Server 2004, Forefront Threat Management Gateway Medium Business Edition, or Windows Essential Business Server 2008

Article translations Article translations
Article ID: 840614 - View products that this article applies to.
Expand all | Collapse all

INTRODUCTION

This article discusses Microsoft Internet Security and Acceleration Server (ISA) 2006, ISA Server 2004, Forefront Threat Management Gateway Medium Business Edition, or Windows Essential Business Server 2008 publishing scenarios where Secure Sockets Layer (SSL) server certificates are typically used. The article also discusses how to configure an SSL server or SSL client authentication certificate on the computer that is running ISA Server, Forefront Threat Management Gateway Medium Business Edition or Windows Essential Business Server 2008.

MORE INFORMATION

SSL server certificates are typically used in the following ISA Server, Forefront Threat Management Gateway Medium Business Edition or Windows Essential Business Server 2008 publishing scenarios:
  • Publishing by using server publishing rules
    ISA Server, Forefront Threat Management Gateway Medium Business Edition, or Windows Essential Business Server 2008 use server publishing to process incoming requests to internal servers. A network address translation (NAT) relationship between the following networks helps protect internal servers:
    • The network where client requests are received
    • The network where the published server is located
    Published IP addresses are actually those of the ISA Server, Forefront Threat Management Gateway Medium Business Edition, or Windows Essential Business Server 2008 computer that is helping to protect internal resources. Typically, server publishing rules are used to publish protocols other than HTTP or HTTPS. Server publishing rules can be used to publish servers that are running Microsoft SQL Server. When server publishing is over a secure SSL connection, an SSL server certificate must exist on the published server. No SSL processing occurs on the ISA Server computer.
  • Publishing by using Web publishing rules
    Web publishing is the recommended method for publishing HTTP or HTTPS protocols. You can publish a Microsoft Outlook Web Access server by using ISA Server, Forefront Threat Management Gateway Medium Business Edition, or Windows Essential Business Server 2008.

    When you use Web publishing rules and ISA Server, Forefront Threat Management Gateway Medium Business Edition, or Windows Essential Business Server 2008 to publish an internal Web server, client requests for the Web server arrive at the ISA Server, Forefront Threat Management Gateway Medium Business Edition, or Windows Essential Business Server 2008 computer over an HTTPS connection. Client requests are forwarded (bridged) from ISA Server, Forefront Threat Management Gateway Medium Business Edition, or Windows Essential Business Server 2008 to the published Web server.

    You can forward HTTPS client requests from the ISA Server, Forefront Threat Management Gateway Medium Business Edition, or Windows Essential Business Server 2008 computer to the published Web server over HTTP. In this scenario, ISA Server, Forefront Threat Management Gateway Medium Business Edition, or Windows Essential Business Server 2008 authenticates the client that makes the request by using an SSL server certificate. An SSL certificate is required only on the ISA Server, Forefront Threat Management Gateway Medium Business Edition, or Windows Essential Business Server 2008 computer.

    Alternatively, you can forward HTTPS requests to the published Web server over HTTPS. In this scenario, ISA Server, Forefront Threat Management Gateway Medium Business Edition, or Windows Essential Business Server 2008 authenticates the requesting client by using an SSL server certificate. The published Web server authenticates the ISA Server, Forefront Threat Management Gateway Medium Business Edition, or Windows Essential Business Server 2008 computer by using an SSL server certificate. A certificate is required on both the ISA Server, Forefront Threat Management Gateway Medium Business Edition, or Windows Essential Business Server 2008 computer and the published Web server.
For more information about how to configure certificates and about how to troubleshoot specific certificate errors, visit the following Microsoft Web site:
http://go.microsoft.com/fwlink/?LinkID=48904
For more information about Web Publishing and Server Publishing scenarios and about how to troubleshoot publishing configurations, visit the following Microsoft Web site:
http://go.microsoft.com/fwlink/?LinkID=60379
For more information about scenarios in which SSL certificates are required on an ISA Server computer or on published servers that are behind an ISA Server computer, visit the following Microsoft Web site:
http://go.microsoft.com/fwlink/?LinkID=46424
This Web site also discusses procedures for obtaining and for installing SSL certificates.

For more information about ISA Server 2006, visit the following Microsoft Web site:
http://technet.microsoft.com/en-us/forefront/edgesecurity/bb758895.aspx

Properties

Article ID: 840614 - Last Review: December 24, 2008 - Revision: 4.1
APPLIES TO
  • Microsoft Internet Security and Acceleration Server 2004 Standard Edition
  • Microsoft Internet Security and Acceleration Server 2004 Enterprise Edition
  • Microsoft Internet Security and Acceleration Server 2006 Standard Edition
  • Microsoft Internet Security and Acceleration Server 2006 Enterprise Edition
  • Windows Essential Business Server 2008 Standard
  • Microsoft Forefront Threat Management Gateway, Medium Business Edition
Keywords: 
kbisa2006swept kbhowto KB840614

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com