UAG DirectAccess IP-HTTPS requirements wildcard certificate?

  • Question


    Hello,

    While I'm reading about DirectAccess deployment, I've seen the text below in the TechNet recommendations:

    IP-HTTPS certificates:

    You can use two types of IP-HTTPS certificate:

    Public "which is the option that I'm planning to use"

    A web certificate required for IP-HTTPS authentication. The certificate subject should be the URL of the Forefront UAG access server.

    Does that mean that the certificate subject name should be myservername.mydomain.com?

    As I'm planning to assign a wildcard certificate to my domain from a 3rd party, will this work? Has anyone done this? Please help.

    Thursday, February 7, 2013 8:14 AM

All replies

  • Wildcard certs work as long as the FQDN matches, e.g. the name *.contoso.com will work with da.contoso.com but not da.fabrikam.com as the IP-HTTPS name.

    And it must be a webserver cert.


    Hth, Anders Janson Enfo Zipper

    Thursday, February 7, 2013 10:54 AM
  • Yes, it works and is documented: http://technet.microsoft.com/en-us/library/ee406213.aspx#manual

    "Forefront UAG DirectAccess allows the use of IP-HTTPS certificates that have wildcards in their names. These must be configured in the Authentication Options page of the Forefront UAG DirectAccess Configuration Wizard."


    BenoitS - Simple by Design http://danstoncloud.com/blogs/simplebydesign/default.aspx

    Thursday, February 7, 2013 1:24 PM
  • As already stated, wildcards work just fine for IP-HTTPS. You simply place the certificate onto the server like you would for any other web certificate, and then when you are running through the DirectAccess configuration wizards, in the IP-HTTPS screen inside Step 2, you choose that certificate, and then UAG will prompt you to enter the specific name that you are planning to use for IP-HTTPS. Type that name, make sure your public DNS points it at the primary public IP address of the UAG server, and you are all set.

    Thursday, February 7, 2013 4:35 PM
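
The name-matching rule from the replies above, as an added example that is not part of the original thread or of any Microsoft tooling: it checks whether a certificate's DNS names cover the IP-HTTPS name you plan to type into the wizard. It goes slightly beyond the thread by also showing that a wildcard stands for exactly one left-most label (the RFC 6125 behaviour), so the bare domain and deeper subdomains do not match. The function names are hypothetical, the certificate is a constructed dict shaped like Python's `ssl.SSLSocket.getpeercert()` output, and the check covers names only, not the web server (Server Authentication) purpose or the trust chain.

```python
# Added example: all names are constructed, reusing the thread's contoso/fabrikam hosts.

def wildcard_matches(pattern: str, hostname: str) -> bool:
    """Match one certificate DNS name against a host name.

    A '*' is honoured only as the entire left-most label and stands for
    exactly one label (RFC 6125 style matching).
    """
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels) or "" in h_labels:
        return False
    if p_labels[0] == "*":
        # Require at least two fixed labels after the wildcard (rejects "*.com").
        return len(p_labels) >= 3 and p_labels[1:] == h_labels[1:]
    if "*" in pattern:
        return False  # partial or non-leftmost wildcards are rejected here
    return p_labels == h_labels


def cert_dns_names(cert: dict) -> list:
    """DNS names from a dict shaped like ssl.SSLSocket.getpeercert() output.

    subjectAltName DNS entries win; the subject CN is used only if none exist.
    """
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans
    return [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]


def covers(cert: dict, ip_https_name: str) -> bool:
    """True if any DNS name in the certificate matches the planned IP-HTTPS name."""
    return any(wildcard_matches(n, ip_https_name) for n in cert_dns_names(cert))


# Constructed sample certificate (hypothetical third-party wildcard cert).
WILDCARD_CERT = {
    "subject": ((("commonName", "*.contoso.com"),),),
    "subjectAltName": (("DNS", "*.contoso.com"),),
}

if __name__ == "__main__":
    for name in ("da.contoso.com", "DA.Contoso.com", "da.fabrikam.com",
                 "contoso.com", "da.emea.contoso.com"):
        print(f"{name:22} {'OK' if covers(WILDCARD_CERT, name) else 'no match'}")
```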