Wednesday, July 11, 2007

ISA 2006 SSL publishing

I'm not a big fan of Internet Security and Acceleration (ISA) Server, but many of my clients can get it for free. The documentation is pretty bad, though. Here's the latest irritation I found.

Publishing an SSL-protected site through ISA is more complicated than the MS TechNet articles show. The how-tos and TechNet articles are slanted towards an enterprise-wide certificate authority instead of third-party SSL certificates. At the size of the Centro target market, I don’t expect many organizations would have their own PKI infrastructures. The changes to the setup that should be noted are:

  • After installing the third-party web certificate on the web server, open the IIS management console
      o Right click the SSL protected website and select Properties
  • On the Directory Security tab, press the Server Certificate button to start the certificate wizard
      o Select “Export the certificate to a PFX file” and select a password and file location
  • At the ISA server, select Start >> Run and enter MMC to start a new MMC console
  • Select File >> Add and Remove snap ins
  • Add the Certificates snap in
  • Select Computer account in the next screen.
  • Once the MMC console is open, right click the Personal node and select Import
  • Browse to the location of the PFX file and open it
      o Enter the password and click through the remaining dialog boxes to import the certificate.

If you just open the PFX file, the certificate is automatically placed in Current User >> Personal, but the only location from which ISA will accept the certificate and private key is Computer >> Personal, a point that is not mentioned in the ISA documentation. The import wizard launched by opening the PFX file will not give you that option.
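A scripted form of the import and of the store check described above, as an added example that is not part of the original post. It assumes PowerShell with the .NET Framework is available on the ISA server and is run from an administrator session; the PFX path and site name are placeholders.

```powershell
# Added example. Assumptions: placeholder PFX path and subject name; run as administrator.
param(
    [string]$PfxPath  = 'C:\temp\site.pfx',     # placeholder: the file exported from IIS
    [string]$SiteName = 'www.example.com'       # placeholder: CN of the published site
)

$x509 = 'System.Security.Cryptography.X509Certificates'

function Find-SiteCert([string]$Location, [string]$Name) {
    # Store name "My" is what the MMC snap-in shows as "Personal".
    $store = New-Object "$x509.X509Store" ('My', $Location)
    $store.Open('ReadOnly')
    try   { @($store.Certificates | Where-Object { $_.Subject -like "*CN=$Name*" }) }
    finally { $store.Close() }
}

function Import-PfxToMachineStore([string]$Path, [System.Security.SecureString]$Password) {
    # MachineKeySet puts the private key in the machine key container instead of
    # the user profile; PersistKeySet keeps it there after this object is released.
    $flags = [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]'MachineKeySet, PersistKeySet'
    $cert  = New-Object "$x509.X509Certificate2" ($Path, $Password, $flags)
    $store = New-Object "$x509.X509Store" ('My', 'LocalMachine')
    $store.Open('ReadWrite')
    try   { $store.Add($cert) }
    finally { $store.Close() }
    $cert
}

# Import only if Computer >> Personal does not already hold the certificate.
if (-not (Find-SiteCert 'LocalMachine' $SiteName)) {
    $pw = Read-Host 'PFX password' -AsSecureString
    Import-PfxToMachineStore $PfxPath $pw | Out-Null
}

# Report where the certificate now lives and whether the private key came with it.
foreach ($loc in 'LocalMachine', 'CurrentUser') {
    foreach ($c in (Find-SiteCert $loc $SiteName)) {
        '{0}\Personal  {1}  HasPrivateKey={2}  Expires={3:yyyy-MM-dd}' -f `
            $loc, $c.Thumbprint, $c.HasPrivateKey, $c.NotAfter
    }
}
```

A usable result is a `LocalMachine\Personal` line with `HasPrivateKey=True`; a line that appears only under `CurrentUser\Personal` is the double-click case described above.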

I guess this is a more secure way to access an SSL protected website but it seems very complicated.
