Jump to: navigation, search

SSL Certificate Installation

Export your current certificate and key from IIS 5/6

Click the Start menu and select Run. Type MMC and press enter. In the File menu (Windows 2003 Server) or the Console menu (Windows 2000 Server), choose "Add/Remove Snap-in".

Click Add, then double-click Certificates, choose Computer Account, then Finish. Click "Close" and then "OK". Expand the Certificates node, then expand the Personal node beneath it.

On the right side, you should see at least one certificate listed. Choose the certificate that belongs on the ISA server and right click it. Choose All Tasks and then Export.

When the wizard starts, press "Next". Choose the "Yes, export the private key" option and press "Next". In the next screen, select "Personal Information Exchange - PKCS #12 (.PFX)" and the only box you should check is "Enable strong protection". Leave any other boxes unchecked. Press "Next". Choose a password for your PFX file (be sure to write this password down, or use something you can remember) and press "Next". Choose a filename for your PFX and press "Next". Press Finish and your certificate and key will be in a PFX file in the location you specified.


Importing your PFX into ISA 2000/2004

Copy the PFX from your IIS Server and save it on the ISA Server. Go the Start menu, click Run, type MMC and press enter. In the File menu (Windows 2003 Server) or the Console menu (Windows 2000 Server), choose "Add/Remove Snap-in".

Click Add, then double-click Certificates, choose Computer Account, then Finish. Click "Close" and then "OK". Expand the Certificates node, then expand the Personal node beneath it.

In the right pane, right click anywhere in the empty space. Choose All Tasks and then Import.

When the Certificate Import Wizard starts, click "Next". When it asks for your PFX, click browse and navigate to where you saved it on the ISA server. You may need to press the drop down box and choose PFX format so that you can see your PFX. Press "Next".

Type the password that you gave when you created the PFX. We recommend checking the "Mark this key as exportable" option so that you can export it later. Press "Next". In the next screen, "Place all certificates in the following store" should be selected, and below it, the Personal node should also be selected. Press "Next". Press "finish" on the next screen and your certificate has been successfully imported.


Creating an SSL listener

If you already have a listener configured with a certificate from Trustwave or another provider, skip to the next section.

Open the ISA Manager and right click the server which will need to accept SSL connections. Choose "Properties" and then click the "Incoming Web Requests" tab. Click the Internet Protocol (IP) address entry for the site that you are going to host. If you do not have individual IP's set, then choose "all IP addresses". Click Edit, and click "Use a server certificate to authenticate web users". Then click "Select", choose the certificate that you just imported, and then click "OK". Click the Enable SSL Listeners so that it is checked.

If you want to use SSL bridging, you can move on to the next step now. SSL bridging means that incoming requests over HTTPS will reach ISA and then ISA will communicate over HTTPS with your web server on the back-end.

If you want the HTTPS connection to terminate at the ISA server and allow the ISA server to communicate insecurely with the web server on the back-end, double click the Web Publishing Rule" that routes the SSL traffic. On the Bridging tab, choose the option to redirect SSL requests as "HTTP Requests". Click "OK".