SSL server certificates are typically used in the following ISA Server, Forefront Threat Management Gateway Medium Business Edition or Windows Essential Business Server 2008 publishing scenarios:
- Publishing by using server publishing rules
ISA Server, Forefront Threat Management Gateway Medium Business Edition, or Windows Essential Business Server 2008 use server publishing to process incoming requests to internal servers. A network address translation (NAT) relationship between the following networks helps protect internal servers:- The network where client requests are received
- The network where the published server is located
Published IP addresses are actually those of the ISA Server, Forefront Threat Management Gateway Medium Business Edition, or Windows Essential Business Server 2008 computer that is helping to protect internal resources. Typically, server publishing rules are used to publish protocols other than HTTP or HTTPS. Server publishing rules can be used to publish servers that are running Microsoft SQL Server. When server publishing is over a secure SSL connection, an SSL server certificate must exist on the published server. No SSL processing occurs on the ISA Server computer. - Publishing by using Web publishing rules
Web publishing is the recommended method for publishing HTTP or HTTPS protocols. You can publish a Microsoft Outlook Web Access server by using ISA Server, Forefront Threat Management Gateway Medium Business Edition, or Windows Essential Business Server 2008.
When you use Web publishing rules and ISA Server, Forefront Threat Management Gateway Medium Business Edition, or Windows Essential Business Server 2008 to publish an internal Web server, client requests for the Web server arrive at the ISA Server, Forefront Threat Management Gateway Medium Business Edition, or Windows Essential Business Server 2008 computer over an HTTPS connection. Client requests are forwarded (bridged) from ISA Server, Forefront Threat Management Gateway Medium Business Edition, or Windows Essential Business Server 2008 to the published Web server.
You can forward HTTPS client requests from the ISA Server, Forefront Threat Management Gateway Medium Business Edition, or Windows Essential Business Server 2008 computer to the published Web server over HTTP. In this scenario, ISA Server, Forefront Threat Management Gateway Medium Business Edition, or Windows Essential Business Server 2008 authenticates the client that makes the request by using an SSL server certificate. An SSL certificate is required only on the ISA Server, Forefront Threat Management Gateway Medium Business Edition, or Windows Essential Business Server 2008 computer.
Alternatively, you can forward HTTPS requests to the published Web server over HTTPS. In this scenario, ISA Server, Forefront Threat Management Gateway Medium Business Edition, or Windows Essential Business Server 2008 authenticates the requesting client by using an SSL server certificate. The published Web server authenticates the ISA Server, Forefront Threat Management Gateway Medium Business Edition, or Windows Essential Business Server 2008 computer by using an SSL server certificate. A certificate is required on both the ISA Server, Forefront Threat Management Gateway Medium Business Edition, or Windows Essential Business Server 2008 computer and the published Web server.
For more information about how to configure certificates and about how to troubleshoot specific certificate errors, visit the following Microsoft Web site:
For more information about Web Publishing and Server Publishing scenarios and about how to troubleshoot publishing configurations, visit the following Microsoft Web site:
For more information about scenarios in which SSL certificates are required on an ISA Server computer or on published servers that are behind an ISA Server computer, visit the following Microsoft Web site:
This Web site also discusses procedures for obtaining and for installing SSL certificates.
For more information about ISA Server 2006, visit the following Microsoft Web site: