Is the Certficate I "see" from my IE Broswer the "actual " server certificate ? -- iis security

Norman
10/2/2005 5:58:11 PM

Hi,
We have an internal IIS.6 server protected by one reverse proxy server and a
firewall from eternal users. External internet users use HTTPs hit the web
page URL will connect to the external interface of the reverse proxy server
and will then be NATed by the reverse proxy server to the actual IIS web
page on the IIS 6 server.

Communication (Re-direction) from the Reverse Proxy to the IIS is using
HTTPS.

My questions are :-
1) Now I have to create a server certificate on the IIS , which is on its
own workgroup and not registered with any DNS ,what CN name should I use in
my case ?
2) When an external user access the web page , on his IE Brower , will he "
see" ( presented ) with the certificate by the IIS server or the certificate
of the Reverse proxy server ?

Any help appreciated.

Norman

Steven L Umbach
10/4/2005 5:52:43 PM

I don't know what Proxy you are using but ISA 2004 for instance will use the
same certificate on the ISA server as the web server that is published when
using ssl to ssl bridging. You want the certificate name field for the web
server certificate to be the fully qualified name of your web server that
the user access it by from the internet and would resolve to the dns record
for the web server. If the website name does not match the certificate name
the user will get one of those pop up messages warning of such. The links
below are for ISA 2004 ssl which may help. --- Steve

http://www.microsoft.com/technet/prodtechnol/isa/2004/plan/tscerts.mspx
http://www.microsoft.com/technet/prodtechnol/isa/2004/plan/tscerts.mspx

[quoted text, click to view]

iis security : Is the Certficate I "see" from my IE Broswer the "actual " server certificate ?