HTTP direct to HTTPS without configure Certificate
-
07 Nisan 2012 Cumartesi 14:19
in here one of application has been published using Apache Tomcat. that Application running on Browser based & should be secure.
In this case , we are using Verisign certificate & configured on Tomcat server.
but problem is I've published this application from TMG. behind the http , it works perfectly. but once changed it to https from tomcat. it is not working.
How can I direct original http request to https from TMG.
please advise me on this.
Regards, COMDINI
Tüm Yanıtlar
-
07 Nisan 2012 Cumartesi 15:22
Hi,
which scenario do you want:
External Client HTTPS to TMG - TMG HTTP to Apache
External Client HTTPS to TMG - TMG HTTPS to Apache
External Client HTTP to TMG - TMG HTTPS to Apache
Can you please explain.regards Marc Grote aka Jens Baier - www.it-training-grote.de - www.forefront-tmg.de - www.nt-faq.de
-
08 Nisan 2012 Pazar 08:19Moderatör
Hi,
Thank you for the post.
Please refer to this guide: http://technet.microsoft.com/en-us/library/cc995184.aspx.
Regards,
Nick Gu - MSFT
-
08 Nisan 2012 Pazar 13:29
hi Marc ,
my requirement is External Client HTTP to TMG - TMG HTTPS to Apache ( Tomc
Regards, COMDINI
-
08 Nisan 2012 Pazar 13:52
Hi Nick ,
I've tried this thing behind the IIS SERVER & Appache version PHP. i can configure Certificate in TMG also.
But it is difficult with apache Tomcat.
below links provided by Certificate provider of VerSign.com for this Certificate configuration.
Certificate Configure on Tomcat
Certificate Configure on TMG
https://knowledge.verisign.com/support/ssl-certificates-support/index?page=content&id=SO17175&actp=AGENT_REFERAL .
Regards, COMDINI
-
08 Nisan 2012 Pazar 14:04
Hi,
create a Webserverpublishing rule which uses HTTPS from TMG to the published Server (Apache) but clients connect via HTTP to the TMG Server (keep in mind that authentication requests flows unsecured from external clients to the TMG Server). The TMG Server must trust the certification authority which issued the certificate for the Apache Server and the name entered in TMG as the internal Server (Apache) must match the CN (Common Name) in the certificate issued for the Apache Server
regards Marc Grote aka Jens Baier - www.it-training-grote.de - www.forefront-tmg.de - www.nt-faq.de
-
08 Nisan 2012 Pazar 14:09
Hi Marc ,
these links sent by Verisign.com . can you refer this also.
Certificate Configure on Tomcat
Certificate Configure on TMG
https://knowledge.verisign.com/support/ssl-certificates-support/index?page=content&id=SO17175&actp=AGENT_REFERAL .Regards, COMDINI
-
08 Nisan 2012 Pazar 15:14
Hi,
you don't need to install a certificate on the TMG Server. If the certificate comes from a trusted commercial Root CA (like Verisgin), the certificate should be already placed into the local Trusted Root CA certificate store on the TMG Server. Please check the trust if you try to open a HTTPS website on the Apache Server from the TMG Server
regards Marc Grote aka Jens Baier - www.it-training-grote.de - www.forefront-tmg.de - www.nt-faq.de
-
08 Nisan 2012 Pazar 16:24
Hi Marc,
you mean that if the Verisign trusted by TMG , it will be direct http request to Apache server & final request appear with https ( https configured on apache tomcat server ) ?
Regards, COMDINI
-
08 Nisan 2012 Pazar 17:51
Hi,
no, redirecting from HTTP to HTTPS is part of the TMG Server configuration but you can check if you doesn't get a certificate warning when you open a HTTPS website from the Apache Server on the TMG Server
regards Marc Grote aka Jens Baier - www.it-training-grote.de - www.forefront-tmg.de - www.nt-faq.de
-
09 Nisan 2012 Pazartesi 17:01
Hi Marc ,
In the HTTP to HTTPS , redirection part we've to enable SSL. but once enable it , we've to assign a Web listener with configure a Certificate in TMG.
because of that how can I re-generate a certificate for TMG. initial one generated as compatible with Apache Tomcat.
Regards, COMDINI
-
10 Nisan 2012 Salı 08:01Moderatör
Hi,
Thank you for the update.
“my requirement is External Client HTTP to TMG - TMG HTTPS to Apache ( Tomcat)”- according to your scenario, please unselect “Enable SSL(HTTPS) connections on port 443”. On your publishing rule, navigator to tab “Bridging” and then select “Redirect requests to SSL port 443”.
Regards
Nick Gu - MSFT
- Düzenleyen Nick Gu - MSFTMicrosoft Contingent Staff, Moderator 10 Nisan 2012 Salı 08:01
- Yanıt Olarak Öneren Nick Gu - MSFTMicrosoft Contingent Staff, Moderator 12 Nisan 2012 Perşembe 04:22
- Yanıt Olarak İşaretleyen Nick Gu - MSFTMicrosoft Contingent Staff, Moderator 22 Nisan 2012 Pazar 05:31
-
12 Nisan 2012 Perşembe 16:22
Hi Nick ,
But How can I configure the Apache Tomcat Server configured SSL certificate with TMG also .
Regards, COMDINI
-
17 Nisan 2012 Salı 02:44Moderatör
Hi,
Thank you for the update.
Just like Marc said, you don’t have to install certificate on TMG server except that the published resource requires client certificates to connect to it. If https from tomcat not work, please refer to this article: http://blogs.technet.com/b/yuridiogenes/archive/2010/12/03/unable-to-access-a-published-apache-server-behind-isa-server-using-ssl.aspx.
Regards,
Nick Gu - MSFT
.png)
