Certificates

When you use Web publishing rules to publish a server and external clients require Secure Sockets Layer (SSL) communication, a server certificate must be installed on the Microsoft Internet Security and Acceleration (ISA) Server 2006 computer. In addition, you may have a certificate installed on the internal Web server. The listener configured for the Web publishing rule must be configured to use the server certificate.

To install SSL certificates in a Web publishing scenario, follow these steps:

  1. Install a trusted root certificate on computers that will be SSL clients of the ISA Server computer. If you are using a certificate from a commercial certification authority (CA) that is included in the Internet Explorer database of CAs, you do not have to perform this step.
  2. Generate a certificate request for the ISA Server computer. When you specify the common name for the certificate, type the fully qualified host name or Uniform Resource Locator (URL) that external clients will type in their Web browser to access the Web site (for example: news.adatum.com). This is the same name that is specified as the public name in the Web publishing rule.
  3. Process a certificate request file.
  4. Install the certificate on the published Web server.
  5. Export the certificate to a file and copy it to the ISA Server computer.
  6. Install the certificate on the ISA Server computer.

Certificate replacement

Certificates typically have an expiration period, usually no more than one year. ISA Server cannot use an expired certificate. Be sure to renew your certificates before they expire, so that ISA Server can continue to function.

In addition, you may want to replace specific certificates used in Web listeners for other reasons. When a certificate expires, perform the following steps to replace a certificate:

  1. Disassociate the expired certificate from the Web listener. When you do this, the listener will be disabled. For instructions on configuring the Web listener, see Configure a Web listener to listen for HTTP or SSL requests.
  2. Use Certificate Management to remove the expired certificate from the ISA Server computer.
  3. Use Certificate Management to install the new certificate.
  4. In ISA Server Management, press F5 to refresh the view.
  5. Reconfigure the Web listener, specifying the new certificate.

Repeat this process for each certificate that you want to replace.
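
The two conditions these procedures depend on, that the certificate's common name matches the public name in the Web publishing rule and that the certificate has not expired, can be checked from PowerShell on the ISA Server computer. This is an added example, not part of the original documentation; the $WarnDays threshold and the assumption that the listener certificate sits in the Local Computer Personal store (Cert:\LocalMachine\My) are illustrative.

```powershell
# Added example: audit certificates before (re)assigning one to a Web listener.
param(
    [string]$PublicName = 'news.adatum.com',  # public name in the Web publishing rule
    [int]$WarnDays = 30                       # assumed renewal warning window, in days
)

$now = Get-Date

# Cert:\LocalMachine\My is the Local Computer "Personal" certificate store.
Get-ChildItem Cert:\LocalMachine\My | ForEach-Object {
    $cert = $_

    # Pull the common name (CN) out of the subject distinguished name.
    $cn = ''
    if ($cert.Subject -match 'CN=([^,]+)') { $cn = $matches[1].Trim() }

    # Classify validity: not yet valid, expired, inside the warning window, or fine.
    $daysLeft = [int][math]::Floor(($cert.NotAfter - $now).TotalDays)
    if     ($now -lt $cert.NotBefore) { $validity = 'NOT YET VALID' }
    elseif ($now -gt $cert.NotAfter)  { $validity = 'EXPIRED' }
    elseif ($daysLeft -le $WarnDays)  { $validity = 'RENEW SOON' }
    else                              { $validity = 'OK' }

    # Exact, case-insensitive CN comparison only; wildcard names are not evaluated.
    # HasPrivateKey is reported because a server certificate cannot be used for
    # SSL unless its private key was imported along with it.
    $cert | Select-Object `
        @{ Name = 'CommonName';    Expression = { $cn } },
        @{ Name = 'MatchesPublic'; Expression = { $cn -eq $PublicName } },
        @{ Name = 'Validity';      Expression = { $validity } },
        @{ Name = 'DaysLeft';      Expression = { $daysLeft } },
        @{ Name = 'NotAfter';      Expression = { $cert.NotAfter } },
        @{ Name = 'HasPrivateKey'; Expression = { $cert.HasPrivateKey } },
        Thumbprint
} | Sort-Object DaysLeft | Format-Table -AutoSize
```

A certificate that shows EXPIRED, or MatchesPublic as False for the name clients type, is one to replace using the steps above before it is bound to a listener.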



