How to install and use certificates for SSL connections in ISA Server 2006 and ISA Server 2004 (840614)



The information in this article applies to:

  • Microsoft Internet Security and Acceleration Server 2004, Standard Edition
  • Microsoft Internet Security and Acceleration Server 2004, Enterprise Edition
  • Microsoft Internet Security and Acceleration Server 2006 Standard Edition
  • Microsoft Internet Security and Acceleration Server 2006 Enterprise Edition

INTRODUCTION

This article discusses Microsoft Internet Security and Acceleration Server (ISA) 2006 and ISA Server 2004 publishing scenarios where Secure Sockets Layer (SSL) server certificates are typically used. The article also discusses how to configure an SSL server or SSL client authentication certificate on the computer that is running ISA Server.

MORE INFORMATION

SSL server certificates are typically used in the following ISA Server publishing scenarios:
  • Publishing by using server publishing rules
    ISA Server uses server publishing to process incoming requests to internal servers. A network address translation (NAT) relationship between the following networks helps protect internal servers:
    • The network where client requests are received
    • The network where the published server is located
    Published IP addresses are actually those of the ISA Server computer that is helping to protect internal resources. Typically, server publishing rules are used to publish protocols other than HTTP or HTTPS. Server publishing rules can be used to publish servers that are running Microsoft SQL Server. When server publishing is over a secure SSL connection, an SSL server certificate must exist on the published server. No SSL processing occurs on the ISA Server computer.
  • Publishing by using Web publishing rules
    Web publishing is the recommended method for publishing HTTP or HTTPS protocols. You can publish a Microsoft Outlook Web Access server by using ISA Server.

    When you use Web publishing rules and ISA Server to publish an internal Web server, client requests for the Web server arrive at the ISA Server computer over an HTTPS connection. Client requests are forwarded (bridged) from ISA Server to the published Web server.

    You can forward HTTPS client requests from the ISA Server computer to the published Web server over HTTP. In this scenario, ISA Server authenticates the client that makes the request by using an SSL server certificate. An SSL certificate is required only on the ISA Server computer.

    Alternatively, you can forward HTTPS requests to the published Web server over HTTPS. In this scenario, ISA Server authenticates the requesting client by using an SSL server certificate. The published Web server authenticates the ISA Server computer by using an SSL server certificate. A certificate is required on both the ISA Server computer and the published Web server.

For more information about how to configure certificates and about how to troubleshoot specific certificate errors, visit the following Microsoft Web site:

For more information about Web Publishing and Server Publishing scenarios and about how to troubleshoot publishing configurations, visit the following Microsoft Web site:

For more information about scenarios in which SSL certificates are required on an ISA Server computer or on published servers that are behind an ISA Server computer, visit the following Microsoft Web site:

This Web site also discusses procedures for obtaining and for installing SSL certificates.

For more information about ISA Server 2006, visit the following Microsoft Web site:

Modification Type: Minor
Last Reviewed: 9/22/2006
Keywords: kbISA2006Swept kbhowto KB840614 kbAudITPRO