Should I install the certificate on my External Clients?

Sean

Distinguished
Dec 31, 2007
1,007
0
19,280
Archived from groups: microsoft.public.win2000.security (More info?)

Hi
I have a Stand-Alone root CA.
I've already created a certificate on OWA server and imported it into ISA
2000 server ... Internally the SSL does work but externally it doesn't.

My questions are:
1 - Should I install a root CA on my external computers so they can use SSL
with ISA?
2 - I reviewed the purpose of my certificate installed on ISA and OWA server
and it says: "Ensures the identity of a remote computer". That's ok to use
with SSL?
3 - Does Stand-Alone root CA work well for this purpose of security?

Thanks
 
Guest

If it works internally but not externally then you probably have a problem
with dns name resolution, or blocking of port 443 TCP used for ssl. Have a
client from outside of the network try to connect using the public IP
address that maps to that server instead of dns name to see if that helps.
Then make sure your firewall device is allowing port 443 tcp through to your
server. You could double check that from a self scan site such as
http://scan.sygatetech.com/pretcpscan.html and do a TCP scan that will scan
for ports up to 1024. It should show port 443 tcp open in order for users to
connect via https. The external clients will need a copy of the CA root
certificate in their local computer certificate store. You can export it
from the CA to a .cer file that you can send to them and then they double
click the .cer file to start the wizard to install it. Use the MMC snap-in
for computer certificates and find your CA certificate in the trusted root
folder where you can right click and select all tasks/export to save it to a
.cer file. Stand-alone CAs work fine, they lack the flexibility that an
enterprise CA has but the concept of PKI for security is exactly the same
and if your certificate is working for internal access it would be fine for
external access. --- Steve


"Sean" <Sean@discussions.microsoft.com> wrote in message
news:C7BBB4A9-67FB-4C83-9DF9-0E5F8891D9A4@microsoft.com...
> Hi
> I have a Stand-Alone root CA.
> I've already created a certificate on OWA server and imported it into ISA
> 2000 server ... Internally the SSL does work but externally it doesn't.
>
> My questions are:
> 1 - Should I install a root CA on my external computers so they can use
> SSL
> with ISA?
> 2 - I reviewed the purpose of my certificate installed on ISA and OWA
> server
> and it says: "Ensures the identity of a remote computer". That's ok to use
> with SSL?
> 3 - Does Stand-Alone root CA work well for this purpose of security?
>
> Thanks
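
Added example, not part of the original thread: a Python sketch that runs the checks from the reply above in order from an outside client (name resolution, TCP port 443, then certificate trust) and reports the first stage that fails. The host name `owa.example.com` and the `cafile` parameter are placeholders, not values from the thread.

```python
import socket
import ssl

# OpenSSL X509_V_ERR_* codes, as exposed on SSLCertVerificationError.verify_code
UNTRUSTED_ROOT = {18, 19, 20, 21}  # self-signed / issuer not in the client's trust store
NAME_MISMATCH = {62, 64}           # certificate name does not match host name / IP used


def classify_tls_error(exc):
    """Map a failed handshake to the likely cause."""
    if isinstance(exc, ssl.SSLCertVerificationError):
        code = getattr(exc, "verify_code", None)
        if code in UNTRUSTED_ROOT:
            return "untrusted-root"      # client lacks the CA root certificate
        if code in NAME_MISMATCH:
            return "name-mismatch"       # e.g. connecting by IP address
        return "certificate-invalid"     # expired, wrong purpose, ...
    return "tls-handshake-failed"        # port answers, but not with TLS


def diagnose(host, port=443, cafile=None, timeout=5.0):
    """Return the first stage that fails: DNS, TCP 443, or certificate trust.

    cafile: optional path to the CA root certificate exported in Base-64
    (PEM) form; None means use this machine's default trust store.
    """
    try:
        socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror:
        return "dns-failure"
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "port-unreachable"        # firewall is not passing the port
    ctx = ssl.create_default_context(cafile=cafile)
    try:
        with sock, ctx.wrap_socket(sock, server_hostname=host):
            return "ok"
    except (ssl.SSLError, OSError) as exc:
        return classify_tls_error(exc)


if __name__ == "__main__":
    # Placeholder host name (constructed for this example, not from the thread).
    print(diagnose("owa.example.com"))
```

A result of `untrusted-root` that turns into `ok` once `cafile` points at the exported root certificate means the network path is fine and the client only lacks the CA root.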
 

Sean


How can I open port 443 for SSL?

"Sean" wrote:

> Hi
> I have a Stand-Alone root CA.
> I've already created a certificate on OWA server and imported it into ISA
> 2000 server ... Internally the SSL does work but externally it doesn't.
>
> My questions are:
> 1 - Should I install a root CA on my external computers so they can use SSL
> with ISA?
> 2 - I reviewed the purpose of my certificate installed on ISA and OWA server
> and it says: "Ensures the identity of a remote computer". That's ok to use
> with SSL?
> 3 - Does Stand-Alone root CA work well for this purpose of security?
>
> Thanks
 
Guest

You would have to configure your firewall to allow inbound port 443 TCP.
Some devices already will have ssl listed as a service that you can add to
the list for allowed inbound traffic from the "untrusted" adapter. ---
Steve


"Sean" <Sean@discussions.microsoft.com> wrote in message
news:5D3B9FE0-FBD5-444C-859C-AF72E7B858D0@microsoft.com...
> How can I open port 443 for SSL?
>
> "Sean" wrote:
>
>> Hi
>> I have a Stand-Alone root CA.
>> I've already created a certificate on OWA server and imported it into ISA
>> 2000 server ... Internally the SSL does work but externally it doesn't.
>>
>> My questions are:
>> 1 - Should I install a root CA on my external computers so they can use
>> SSL
>> with ISA?
>> 2 - I reviewed the purpose of my certificate installed on ISA and OWA
>> server
>> and it says: "Ensures the identity of a remote computer". That's ok to
>> use
>> with SSL?
>> 3 - Does Stand-Alone root CA work well for this purpose of security?
>>
>> Thanks