Without the
capability to scan this SSL traffic, exploits bound for an OWA server could simply hide
themselves in the encrypted traffic and pass right through traditional firewalls.
Exporting and Importing the OWA Certificate to the ISA Server
For ISA to be able to decrypt the SSL traffic bound for the Exchange OWA server, ISA needs
to have a copy of the certificate used on the OWA server. This certificate is used by ISA to
decode the SSL packets, inspect them, and then re-encrypt them and send them on to the
OWA server itself. For this certificate to be installed on the ISA server, it must first be
exported from the OWA server, as follows:
1. From the OWA server (not the ISA server), open IIS Manager (Start, All Programs,
Administrative Tools, Internet Information Services [IIS] Manager).
2. Navigate to Internet Information Services, SERVERNAME (local computer), Web Sites.
3. Right-click on the OWA virtual server (typically named Default Web Site) and choose
Properties.
4. Choose the Directory Security tab.
5. Click View Certificate.
6. Click the Details tab.
7. Click Copy to File.
8. At the wizard, click Next to begin the export process.
Pages:
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551