When using Web
publishing rules to publish a server, and Secure Sockets Layer (SSL) communication from external
clients is required, a server
certificate must be installed on the Microsoft Internet
Security and Acceleration (ISA) Server 2006 computer. In
addition, you may have a certificate installed on the internal Web
server. The listener configured for the Web publishing rule must be
configured to use the server certificate.
To install SSL certificates in a Web publishing scenario, follow
these steps:
Install a trusted root certificate on computers that will be
SSL clients of the ISA Server computer. If you are using a
certificate from a commercial certification authority (CA) that is
included in the Internet Explorer database of CAs, you do not have
to perform this step.
Generate a certificate request for the ISA Server computer.
When you specify the common name for the certificate, type the
fully qualified host name or Uniform Resource Locator (URL) that
external clients will type in their Web browser to access the Web
site (for example: news.adatum.com). This would be the same name
specified in the Web publishing rule's public name.
Process a certificate request file.
Install the certificate on the published Web server.
Export the certificate to a file and copy it to the ISA Server
computer.
Install the certificate on the ISA Server computer.
Certificate replacement
Certificates typically have an expiration period, usually no
more than one year. ISA Server cannot use an expired certificate.
Be sure to renew your certificates before they expire, so that ISA
Server can continue to function.
In addition, you may want to replace specific certificates used
in Web listeners for other reasons. When a certificate
expires, perform the following steps to replace a certificate: