Re: Should install the certificate on my External Clients?
From: Steven L Umbach (n9rou_at_n0-spam-for-me-comcast.net)
Date: Fri, 22 Oct 2004 23:29:10 GMT
If it works internally but not externally then you probably have a problem
with DNS name resolution, or blocking of port 443 TCP used for SSL. Have a
client from outside of the network try to connect using the public IP
address that maps to that server instead of the DNS name to see if that helps.
Then make sure your firewall device is allowing port 443 TCP through to your
server. You could double check that from a self scan site such as
http://scan.sygatetech.com/pretcpscan.html and do a TCP scan that will scan
for ports up to 1024. It should show port 443 TCP open in order for users to
connect via https.

The external clients will need a copy of the CA root
certificate in their local computer certificate store. You can export it
from the CA to a .cer file that you can send to them and then they double
click the .cer file to start the wizard to install it. Use the MMC snap-in
for computer certificates and find your CA certificate in the trusted root
folder where you can right click and select all tasks/export to save it to a
.cer file.

Stand-alone CAs work fine; they lack the flexibility that an
enterprise CA has but the concept of PKI for security is exactly the same
and if your certificate is working for internal access it would be fine for
external access.

--- Steve

"Sean" <Sean@discussions.microsoft.com> wrote in message
> I have a Stand-Alone root CA.
> I've already created a certificate on OWA server and imported it into ISA
> 2000 server ... Internally the SSL does work but externally it doesn't.
> My questions are:
> 1 - Should I install a root CA on my external computers so they can use
> with ISA?
> 2 - I reviewed the purpose of my certificate installed on ISA and OWA
> and it says: "Ensures the identity of a remote computer". That's ok to use
> with SSL?
> 3 - Does Stand-Alone root CA work well for this purpose of security?
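
Added example, not part of the original thread: a PowerShell check, run from an external client, that separates the three causes named in the reply (DNS resolution, port 443 TCP blocked, root CA not trusted). The host name, IP address and file path are placeholders chosen for illustration.

```powershell
# Assumed placeholders (not from the thread): replace with your own values.
$HostName = 'owa.example.com'      # public DNS name the clients use
$PublicIp = '203.0.113.10'         # public IP that maps to the ISA/OWA server
$RootCer  = 'C:\Temp\RootCA.cer'   # root CA certificate exported from the CA

# 1. DNS: does the public name resolve from outside, and to the expected IP?
try {
    $resolved = [System.Net.Dns]::GetHostAddresses($HostName) |
        ForEach-Object { $_.IPAddressToString }
    "DNS : $HostName -> $($resolved -join ', ')"
    if ($resolved -notcontains $PublicIp) { "DNS : result does not include $PublicIp" }
} catch {
    "DNS : resolution failed: $($_.Exception.Message)"
}

# 2. Port: is 443/TCP reachable by IP, bypassing DNS entirely?
$tcp = New-Object System.Net.Sockets.TcpClient
try {
    $tcp.Connect($PublicIp, 443)
    "TCP : 443 open on $PublicIp"
} catch {
    "TCP : 443 not reachable on $PublicIp (check the firewall rule)"
    $tcp.Dispose()
    return
}

# 3. Trust: complete the SSL handshake and record why validation fails, if it does.
$script:policyErrors = $null
$callback = [System.Net.Security.RemoteCertificateValidationCallback] {
    param($s, $cert, $chain, $errors)
    $script:policyErrors = $errors
    $true   # accepted for diagnosis only; no data is sent over this connection
}
$ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $callback)
try {
    $ssl.AuthenticateAsClient($HostName)
    "SSL : policy errors = $script:policyErrors"
    # RemoteCertificateChainErrors  -> typically the root CA is not trusted on this client
    # RemoteCertificateNameMismatch -> certificate was issued for a different name
} finally {
    $ssl.Dispose(); $tcp.Dispose()
}

# 4. If step 3 reports chain errors, install the root in the computer store
#    (run elevated), then repeat step 3 and expect "None".
# Import-Certificate -FilePath $RootCer -CertStoreLocation Cert:\LocalMachine\Root
```

Before importing, compare the thumbprint of the received .cer file with the one shown on the CA itself, since anything placed in the trusted root store is trusted for every site it signs.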