Publishing multiple SSL sites with ISA via a single IP address

September 23, 2008

I’ve recently been working on a project requiring Exchange 2007 accessed via Outlook Anywhere (RPC over HTTP/S), Outlook Web Access (HTTPS) and SharePoint Server 2007 (HTTPS). This all needs to be securely published via ISA 2006.

After getting my Exchange and SharePoint boxes running and configured, I commenced with the publishing via ISA. I knew I was going to use SSL bridging, which is effectively proxying the SSL request from the client to ISA to the server itself. This requires a valid SSL certificate to be installed on the server, and on ISA.

I installed the SSL certificates for SharePoint (with a common name of sharepoint.domain.com, for the sake of this post), set up the web listener and web publishing rules, tested and all was fine. I then installed the SSL certificates for OWA (with a common name of owa.domain.com, again for the sake of this post). It was at this point that I realised that you can only assign one SSL certificate per web listener, which would make one of my sites have an invalid SSL certificate as the common name would not match.

The solution to the problem is to use a wildcard SSL certificate on the ISA box. Having read this article – Troubleshooting SSL Certificates in ISA Server 2004 Publishing I noted this text:

ISA Server 2004 only supports wildcard certificates on the ISA Server computer. ISA Server 2006 also supports use of wildcard certificates on the published Web server. When using HTTPS to HTTPS bridging, you cannot use wildcard certificates to authenticate the back-end Web server.

Fine, so I need a wildcard SSL certificate on my ISA server (*.domain.com) and an SSL certificate on my SharePoint (sharepoint.domain.com) and Exchange (exchange.domain.com) servers…and that’s as far as I got today! I will update this post after I have tried the wildcard SSL idea, fingers crossed!
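The name-matching problem described above, as an added example that is not part of the original post and is not how ISA itself is implemented: a small Python check of which published hostnames a listener certificate covers. The helper names are hypothetical, the hostnames are the post's placeholders, and the matching rule (wildcard as the whole left-most label, standing in for exactly one label) is the one TLS clients commonly apply.

```python
def name_matches(pattern: str, host: str) -> bool:
    """Match one certificate name against a requested hostname.

    A wildcard is honoured only as the entire left-most label and stands in
    for exactly one label. Requiring at least three labels in a wildcard name
    (so "*.com" is refused) is a conservative assumption made for this example.
    """
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False  # different depth, or an empty label in the hostname
    if p[0] == "*":
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def uncovered_hosts(cert_names, published_hosts):
    """Return the published hostnames that no name on the certificate matches."""
    return [h for h in published_hosts
            if not any(name_matches(n, h) for n in cert_names)]


# Constructed sample data using the placeholder names from the post.
PUBLISHED = ["sharepoint.domain.com", "owa.domain.com"]
SINGLE_NAME_CERT = ["sharepoint.domain.com"]  # one common name on the listener
WILDCARD_CERT = ["*.domain.com"]              # the proposed wildcard certificate

if __name__ == "__main__":
    print("single-name cert leaves uncovered:",
          uncovered_hosts(SINGLE_NAME_CERT, PUBLISHED))
    print("wildcard cert leaves uncovered:",
          uncovered_hosts(WILDCARD_CERT, PUBLISHED))
    # Names a *.domain.com certificate does not cover: the bare domain and
    # anything more than one label deep.
    for host in ("domain.com", "mail.emea.domain.com"):
        print(host, "covered:", name_matches("*.domain.com", host))
```

Running the same check over the real list of public names before buying the certificate shows whether any published site sits at the bare domain or a deeper subdomain, which a single *.domain.com certificate would leave with a name mismatch.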

In the meantime, you may want to check this article out from Mike O’Brian’s blog:
Creating a self signed wildcard certificate for IIS7

…and maybe this one, which I am hoping is relevant to ISA 2006!
Publishing Multiple Web Sites Using a Wildcard Certificate in ISA Server 2004
