How to publish SSL Web sites by using server publishing (298900)


The information in this article applies to:

  • Microsoft Internet Security and Acceleration Server 2000
  • Microsoft BackOffice Server 2000
This article was previously published under Q298900

SUMMARY

You can publish Secure Sockets Layer (SSL) Web sites in several ways. You can use Web publishing to publish SSL Web sites. This method requires the movement of the SSL Web site certificate to the ISA server. For more information about this method, click the following article number to view the article in the Microsoft Knowledge Base:

292569 How to set up Internet Security and Acceleration Server to host Web sites by using the Secure Sockets Layer protocol

You can also use server publishing to publish SSL Web sites, and this method is described in this article. This method maps port 443 on the external interface through to the internal Web server on port 443 and provides the ability set up SSL without moving the SSL certificate from the internal Web server.

Note Server publishing is the only method for you can use to publish an SSL site with Microsoft Internet Information Server (IIS) 3.0. IIS 3.0 does not have the capability to export an SSL certificate, so you cannot use Web publishing with ISA.

MORE INFORMATION

How to server publish an SSL site by using ISA

Warning Before you can configure ISA to publish any internal Web site, you should not be running IIS on the ISA server. By default, IIS takes control of ports 80 and 443 on all IP address. Please remove IIS or use the information that is included in the following Microsoft Knowledge Base article to prevent IIS from binding to all interfaces. For more information, click the following article number to view the article in the Microsoft Knowledge Base:

238131 How to disable socket pooling

To server publish an SSL site by using ISA, follow these steps:
  1. Start the ISA management console, right-click the Server publishing rule, and then click New rule.
  2. Name the rule that you are creating, for example, "SSL Web site", and then click Next.
  3. Type the address of your internal Web site that will process the SSL traffic, select the appropriate address for the external interface, and then click Next.
  4. Click the HTTPS protocol, and then click Next.
  5. Select the appropriate client set. Note that if the server is used by computers that are on the Internet, Any request would be appropriate.
  6. Click Next, and then click Finish.
  7. Stop the Firewall service, and then restart it.
Your SSL Web site should now be available on the external IP address of the ISA server. You may have to make DNS host record changes as appropriate to your environment to direct people to this address for your site.
Modification Type:MinorLast Reviewed:1/16/2006
Keywords:kbhowto kbnetwork kbTunneling KB298900
©2004 Microsoft Corporation. All rights reserved.