Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

How to publish SSL Web sites by using server publishing


View products that this article applies to.

Summary

You can publish Secure Sockets Layer (SSL) Web sites in several ways. You can use Web publishing to publish SSL Web sites. This method requires the movement of the SSL Web site certificate to the ISA server or Microsoft Forefront Threat Management Gateway, Medium Business Edition server. For more information about this method, click the following article number to view the article in the Microsoft Knowledge Base:
292569 How to set up Internet Security and Acceleration Server to host Web sites by using the Secure Sockets Layer protocol
You can also use server publishing to publish SSL Web sites, and this method is described in this article. This method maps port 443 on the external interface through to the internal Web server on port 443 and provides the ability set up SSL without moving the SSL certificate from the internal Web server.

Note Server publishing is the only method for you can use to publish an SSL site with Microsoft Internet Information Server (IIS) 3.0. IIS 3.0 does not have the capability to export an SSL certificate, so you cannot use Web publishing with ISA.

↑ Back to the top


More information

How to server publish an SSL site by using ISA

Warning Before you can configure ISA to publish any internal Web site, you should not be running IIS on the ISA server. By default, IIS takes control of ports 80 and 443 on all IP address. Please remove IIS or use the information that is included in the following Microsoft Knowledge Base article to prevent IIS from binding to all interfaces. For more information, click the following article number to view the article in the Microsoft Knowledge Base:
238131 How to disable socket pooling
To server publish an SSL site by using ISA, follow these steps:
  1. Start the ISA management console, right-click the Server publishing rule, and then click New rule.
  2. Name the rule that you are creating, for example, "SSL Web site", and then click Next.
  3. Type the address of your internal Web site that will process the SSL traffic, select the appropriate address for the external interface, and then click Next.
  4. Click the HTTPS protocol, and then click Next.
  5. Select the appropriate client set. Note that if the server is used by computers that are on the Internet, Any request would be appropriate.
  6. Click Next, and then click Finish.
  7. Stop the Firewall service, and then restart it.
To server publish an SSL site by using Microsoft Forefront Threat Management Gateway, Medium Business Edition, follow these steps:
  1. Start the Forefront Threat Management Gateway management console. Right-click Firewall Policy, click New, and then click Non Web Server Protocol Publishing Rule.
  2. In the Non Web Server Publishing Rule Wizard, type a descriptive name of the rule, and then click Next.
  3. In the Select Server box, type the IP address of the internal server that you are publishing, and then click Next.
  4. On the Select Protocol page, select the appropriate HTTPS server from the list, and then click Next.
  5. On the Network Listener IP Address page, select the external network or any other network that will process the incoming request, and then click Next.
  6. Click Finish.
Your SSL Web site should now be available on the external IP address of the ISA server. You may have to make DNS host record changes as appropriate to your environment to direct people to this address for your site.

↑ Back to the top


Keywords: KB298900, kbtunneling, kbnetwork, kbhowto

↑ Back to the top

Article Info
Article ID : 298900
Revision : 5
Created on : 10/31/2006
Published on : 10/31/2006
Exists online : False
Views : 446