How to Use a Certificate for SSL Authentication Within a Web Publishing Rule (281106)


The information in this article applies to:

  • Microsoft Internet Security and Acceleration Server 2000
This article was previously published under Q281106

SUMMARY

This article describes how to set up Internet Security and Acceleration (ISA) Server 2000 to publish a Web site that requires clients to use certificates for authentication. This is required for Web sites that use certificate-based authentication as the only means of making Secure Sockets Layer connections.

Before you can specify a certificate in the Web Publishing Rule in ISA Server, you must first set up the certificate to be used by the Microsoft Web Proxy service on the ISA server.

MORE INFORMATION

To set up the certificate to be used by the Web Proxy service:
  1. Set up access to all certificates that have been set up for the Microsoft Web Proxy Service:
    1. Click Start, click Run, type mmc, and then click OK.
    2. Add the Certificates Snap-in.
    3. Click Service Account, and then click local computer.
    4. Click Microsoft Web Proxy service in the drop-down list.
    5. Click Finish, and then click OK until you are back in the Microsoft Management Console (MMC).
  2. Install the certificate to be used by ISA to connect to the restricted Web site. Use either of the two following methods to load this certificate (either way, you must place the certificate in the W3Proxy\Personal/Certificates folder):
    1. Import a certificate from a file by right-clicking the W3Proxy\Personal folder, clicking All Tasks, and then clicking Import; this starts the Import wizard with which you can select your previously exported certificate file.
    2. Copy a previously loaded certificate file from its present location on the ISA server and then paste that certificate into the "W3Proxy\Personal"/Certificates folder. By doing this, you can use the certificate in two locations at once, such as "local computer" or "user" certificates.
  3. Close the Certificates MMC snap-in, and then open the ISA management console.
  4. Open the properties for the Web Publishing Rule to use Certificate Authentication.
  5. On the Bridging tab, select the Use a certificate to authenticate to the SSL Web server check box, and then click Select.
  6. The Select Certificate windows appears with a list of all of the certificates that are assigned to the Microsoft Web Proxy service. If you assign multiple certificates to the Microsoft Web Proxy service, you can assign a certificate per Web Publishing Rule.
Modification Type:MinorLast Reviewed:1/15/2006
Keywords:kbenv kbhowto KB281106
©2004 Microsoft Corporation. All rights reserved.