Should install the certificate on my External Clients?

Archived from groups: microsoft.public.win2000.security (More info?)

Hi
I have a Stand-Alone root CA.
I've already created a certificate on OWA server and imported it into ISA
2000 server ... Internally the SSL does work but externally it doesn't.

My questions are:
1 - Should I install a root CA on my external computers so they can use SSL
with ISA?
2 - I reviewed the purpose of my certificate installed on ISA and OWA server
and it says: "Ensures the identity of a remote computer". That's ok to use
with SSL?
3 - Does Stand-Alone root CA work well for this purpose of security?

Thanks
3 answers Last reply
More about should install certificate external clients
  1. Archived from groups: microsoft.public.win2000.security (More info?)

    If it works internally but not externally then you probably have a problem
    with dns name resolution, or blocking of port 443 TCP used for ssl. Have a
    client from outside of the network try to connect using the public IP
    address that maps to that server instead of dns name to see if that helps.
    Then make sure your firewall device is allowing port 443 tcp through to your
    server. You could double check that from a self scan site such as
    http://scan.sygatetech.com/pretcpscan.html and do a TCP scan that will scan
    for ports up to 1024. It should show port 443 tcp open in order for users to
    connect via https. The external clients will need a copy of the CA root
    certificate in their local computer certificate store. You can export it
    from the CA to a .cer file that you can send to them and then they double
    click the .cer file to start the wizard to install it. Use the mmc snapin
    for computer certificates and find your CA certificate in the trusted root
    folder where you can right click and select all tasks/export to save it to a
    ..cer file. Stand also CA's work fine, they lack the flexibility that an
    enterprise CA has but the concept of PKI for security is exactly the same
    and if your certificate is working for internal access it would be fine for
    external access. --- Steve


    "Sean" <Sean@discussions.microsoft.com> wrote in message
    news:C7BBB4A9-67FB-4C83-9DF9-0E5F8891D9A4@microsoft.com...
    > Hi
    > I have a Stand-Alone root CA.
    > I've already created a certificate on OWA server and imported it into ISA
    > 2000 server ... Internally the SSL does work but externally it doesn't.
    >
    > My questions are:
    > 1 - Should I install a root CA on my external computers so they can use
    > SSL
    > with ISA?
    > 2 - I reviewed the purpose of my certificate installed on ISA and OWA
    > server
    > and it says: "Ensures the identity of a remote computer". That's ok to use
    > with SSL?
    > 3 - Does Stand-Alone root CA work well for this purpose of security?
    >
    > Thanks
  2. Archived from groups: microsoft.public.win2000.security (More info?)

    How can i open 443 port for SSL?

    "Sean" wrote:

    > Hi
    > I have a Stand-Alone root CA.
    > I've already created a certificate on OWA server and imported it into ISA
    > 2000 server ... Internally the SSL does work but externally it doesn't.
    >
    > My questions are:
    > 1 - Should I install a root CA on my external computers so they can use SSL
    > with ISA?
    > 2 - I reviewed the purpose of my certificate installed on ISA and OWA server
    > and it says: "Ensures the identity of a remote computer". That's ok to use
    > with SSL?
    > 3 - Does Stand-Alone root CA work well for this purpose of security?
    >
    > Thanks
  3. Archived from groups: microsoft.public.win2000.security (More info?)

    You would have to configure your firewall to allow inbound port 443 TCP.
    Some devices already will have ssl listed as a service that you can add to
    the list for allowed inbound traffic from the "untrusted" adapter. ---
    Steve


    "Sean" <Sean@discussions.microsoft.com> wrote in message
    news:5D3B9FE0-FBD5-444C-859C-AF72E7B858D0@microsoft.com...
    > How can i open 443 port for SSL?
    >
    > "Sean" wrote:
    >
    >> Hi
    >> I have a Stand-Alone root CA.
    >> I've already created a certificate on OWA server and imported it into ISA
    >> 2000 server ... Internally the SSL does work but externally it doesn't.
    >>
    >> My questions are:
    >> 1 - Should I install a root CA on my external computers so they can use
    >> SSL
    >> with ISA?
    >> 2 - I reviewed the purpose of my certificate installed on ISA and OWA
    >> server
    >> and it says: "Ensures the identity of a remote computer". That's ok to
    >> use
    >> with SSL?
    >> 3 - Does Stand-Alone root CA work well for this purpose of security?
    >>
    >> Thanks
Ask a new question

Read More

SSL Security Certificate Servers Windows