How many certs on ISA

  • Question

  • How many certs do I need for the ISA 2006 server? According to the Edge planning tool I need 1 from a public CA.

     

    But reading some other doc it looks like I need 2; it seems I need the one I created for our front end server?

     

    Also, when I spoke with DigiCert they said I can purchase 1 cert with 4 names and this can be used for the edge and the ISA server. Is this correct?

     

    Wednesday, October 15, 2008 2:42 PM

All replies

  • What are you using the ISA Server for in your deployment?  Just the Reverse HTTP proxy, or are either (or both) of your internal and external firewalls an ISA Server?

     

    Also, are you deploying a consolidated Edge server with all three external roles?

     

    The recommendations that you get from the Edge Planning Tool should be accurate and I would trust those results.

     

    Wednesday, October 15, 2008 2:55 PM
    Moderator
  • Yes I'm going to use ISA just as a reverse proxy, and yes I'm deploying a consolidated edge server.

     

    Wednesday, October 15, 2008 3:10 PM
  • Then you only need a single Public certificate for use on the ISA listener, just like the Edge Planning Tool specified.

     

    Keep in mind that if your ISA Server is not on your internal domain (as it shouldn't be) then you may need to import a root certificate from an Internal Enterprise CA so that the ISA server can successfully establish an SSL connection to the internal Front-End server's Web Components site, which is typically configured to use an internally-issued certificate.  If you are already using ISA to publish other internal websites (say SharePoint, for example) then you probably have already taken care of that.

     

    Wednesday, October 15, 2008 4:02 PM
    Moderator
  • The Reverse Proxy (ISA) only needs one cert with one name, and that must be the FQDN of the External Webfarm name that you configured in OCS.

    But you can add SAN names if you like; that will also work.

     

    Wednesday, October 15, 2008 4:04 PM