Publishing CRL through TMG

  • Question

  • Trying to create a website publishing rule for my internal CRL list.

    Internal site is http://DC01/certenroll/
    External is CRL.<domainname>.com
    Public IP for TMG is set to CRL.<domainname>.com
    Rule and listener are created for crl.<domainname>.com
    But the rule keeps getting skipped and gets blocked by the default rule. Testing the rule succeeds. Not sure what else I am missing.
    Wednesday, July 22, 2009 8:26 PM

Answers

  • Just as an update. Having installed TMG, IIS was also installed and was consuming the basic listener on port 80. Setting the port on the IIS listener to another port fixed the problem.

    Regards,
    Mylo
    Tuesday, December 8, 2009 9:58 PM

All replies

  • Hi,

    Have a look at the following article series. It explains how to publish a CRL with ISA 2004, but this should be nearly the same as for TMG.
    http://www.isaserver.org/tutorials/Publishing-Public-Key-Infrastructure-ISA-Server-2004-Part3.html

    regards Marc
    www.nt-faq.de
    www.it-training-grote.de
    Wednesday, July 22, 2009 9:07 PM
  • Thanks Marc

    I had used this article to complete the rules I have now
    http://blog.msfirewall.org.uk/2008/06/publishing-certificate-revocation-lists.html
    Very useful, but it looks like the rule is being ignored. Trying to figure out why.
    Wednesday, July 22, 2009 10:00 PM
  • Kevin,

    Did you ever work this one out? I see the same behaviour in TMG RTM when trying to publish a CRL. I even copied the original working ISA 2006 rule to make sure and it behaves the same: ignoring the HTTP web publishing rule. I wonder whether this has something to do with the new malware filter... I'm going to start turning things off and see what happens.

    Regards,
    Mylo

    Sunday, November 29, 2009 8:51 AM
  • Just as an update. Having installed TMG, IIS was also installed and was consuming the basic listener on port 80. Setting the port on the IIS listener to another port fixed the problem.

    Regards,
    Mylo
    Tuesday, December 8, 2009 9:58 PM
  • Mylo,

    Thanks for the info. Unfortunately IIS is installed on a different machine, so 80 is available on the IIS box. Testing the connection, I added an HTTPS option for the site and the listener. When using HTTPS, the listener would go through fine.
    Wednesday, December 9, 2009 3:43 PM