Microsoft KB Archive/840614

= How to install and use certificates for SSL connections in ISA Server 2006 and ISA Server 2004 =

Article ID: 840614

Article Last Modified on 12/4/2007

-

APPLIES TO


 * Microsoft Internet Security and Acceleration Server 2004 Standard Edition
 * Microsoft Internet Security and Acceleration Server 2004 Enterprise Edition
 * Microsoft Internet Security and Acceleration Server 2006 Standard Edition
 * Microsoft Internet Security and Acceleration Server 2006 Enterprise Edition

-





INTRODUCTION
This article discusses Microsoft Internet Security and Acceleration Server (ISA) 2006 and ISA Server 2004 publishing scenarios where Secure Sockets Layer (SSL) server certificates are typically used. The article also discusses how to configure an SSL server or SSL client authentication certificate on the computer that is running ISA Server.



MORE INFORMATION
SSL server certificates are typically used in the following ISA Server publishing scenarios:  Publishing by using server publishing rules

ISA Server uses server publishing to process incoming requests to internal servers. A network address translation (NAT) relationship between the following networks helps protect internal servers:  The network where client requests are received The network where the published server is located

Published IP addresses are actually those of the ISA Server computer that is helping to protect internal resources. Typically, server publishing rules are used to publish protocols other than HTTP or HTTPS. Server publishing rules can be used to publish servers that are running Microsoft SQL Server. When server publishing is over a secure SSL connection, an SSL server certificate must exist on the published server. No SSL processing occurs on the ISA Server computer. Publishing by using Web publishing rules

Web publishing is the recommended method for publishing HTTP or HTTPS protocols. You can publish an Microsoft Outlook Web Access server by using ISA Server.

When you use Web publishing rules and ISA Server to publish an internal Web server, client requests for the Web server arrive at the ISA Server computer over an HTTPS connection. Client requests are forwarded (bridged) from ISA Server to the published Web server.

You can forward HTTPS client requests from the ISA Server computer to the published Web server over HTTP. In this scenario, ISA Server authenticates the client that makes the request by using an SSL server certificate. An SSL certificate is required only on the ISA Server computer.

Alternatively, you can forward HTTPS requests to the published Web server over HTTPS. In this scenario, ISA Server authenticates the requesting client by using an SSL server certificate. The published Web server authenticates the ISA Server computer by using an SSL server certificate. A certificate is required on both the ISA Server computer and the published Web server.

For more information about how to configure certificates and about how to troubleshoot specific certificate errors, visit the following Microsoft Web site:

http://go.microsoft.com/fwlink/?LinkID=48904

For more information about Web Publishing and Server Publishing scenarios and about how to troubleshoot publishing configurations, visit the following Microsoft Web site:

http://go.microsoft.com/fwlink/?LinkID=60379

For more information about scenarios in which SSL certificates are required on an ISA Server computer or on published servers that are behind an ISA Server computer, visit the following Microsoft Web site:

http://go.microsoft.com/fwlink/?LinkID=46424

This Web site also discusses procedures for obtaining and for installing SSL certificates.

For more information about ISA Server 2006, visit the following Microsoft Web site:

http://www.microsoft.com/technet/isa/2006/default.mspx

Keywords: kbhowto kbisa2006swept KB840614

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.