Using Forefront Unified Access Gateway (UAG), you publish internal applications and resources through Forefront UAG trunks. Each trunk has a portal Web page, and remote endpoints connect to the portal over an HTTP or HTTPS connection. The following infrastructure design tasks are required when setting up a trunk and publishing applications via the trunk:

  1. When you create a trunk, you specify whether remote endpoints should connect to the trunk site or portal over an HTTP or HTTPS connection. If you want a remote endpoint to connect to trunks over an HTTPS connection, you must have an infrastructure for requesting a server certificate from a public certification authority (CA). Usually a public certificate will be required because client endpoints might be managed or unmanaged, and the endpoint must trust the CA that issued the certificate.

  2. In addition, when you create a trunk you specify whether the connection between the Forefront UAG server and backend published servers is over HTTP or HTTPS. If you want to use an HTTPS connection, the backend server must have a server certificate so that it can authenticate itself to the Forefront UAG server over the HTTPS connection. This will usually be a certificate issued by an internal CA, because only the Forefront UAG server is required to trust it.
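
One way to check the second requirement, as an added example that is not part of the original page or of Forefront UAG: run this on the Forefront UAG server to see whether its machine certificate stores trust the certificate a backend server presents. The function name `Test-BackendCertificateTrust` and the host name `backend.example.internal` are hypothetical placeholders.

```powershell
# Added example, not Forefront UAG code. Written in Windows PowerShell 2.0 syntax.
function Test-BackendCertificateTrust {
    param(
        [Parameter(Mandatory=$true)][string]$BackendHost,  # name UAG uses to reach the backend
        [int]$Port = 443
    )
    $state = @{ Errors = $null }
    # Let the handshake complete unconditionally so the certificate can be
    # inspected; record what the TLS stack reported and judge trust below.
    $callback = [System.Net.Security.RemoteCertificateValidationCallback]{
        param($s, $certificate, $chain, $sslPolicyErrors)
        $state.Errors = $sslPolicyErrors
        $true
    }
    $tcp = New-Object System.Net.Sockets.TcpClient
    try {
        $tcp.Connect($BackendHost, $Port)
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $callback)
        $ssl.AuthenticateAsClient($BackendHost)
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        $ssl.Close()
    } finally {
        $tcp.Close()
    }
    # Build the chain in machine context: a server process relies on the
    # Local Machine stores, not on the stores of the logged-on administrator.
    # Revocation checking stays at the default (online), so an unreachable
    # internal CRL shows up in ChainStatus instead of being ignored.
    $machineChain = New-Object System.Security.Cryptography.X509Certificates.X509Chain($true)
    $trusted = $machineChain.Build($cert)
    $top = $machineChain.ChainElements[$machineChain.ChainElements.Count - 1].Certificate
    $mismatch = [System.Net.Security.SslPolicyErrors]::RemoteCertificateNameMismatch
    New-Object PSObject -Property @{
        Subject          = $cert.Subject
        Issuer           = $cert.Issuer
        NotAfter         = $cert.NotAfter
        ChainTop         = $top.Subject   # the internal root CA when the chain is complete
        TrustedByMachine = $trusted
        ChainStatus      = (($machineChain.ChainStatus | ForEach-Object { $_.Status }) -join ', ')
        NameMatches      = (([int]$state.Errors -band [int]$mismatch) -eq 0)
    }
}

# Placeholder host name; replace with the backend address configured for the application.
Test-BackendCertificateTrust -BackendHost 'backend.example.internal'
```

A result with `TrustedByMachine` false and a `ChainStatus` of `UntrustedRoot` or `PartialChain` means the internal CA's certificates are missing from the UAG server's machine stores; `NameMatches` false means the certificate was issued for a different name than the one used to reach the backend.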