locked
TSG and SSL client certificates RRS feed

  • Question

  • Hello there,

    I have the following test configuration:

    Internet - Forefront TMG - Terminal Service Gateway - Terminal Server 

    I have managed to configure it to run with SSL server certificates, but so far not succeeded with client certificates. Can someone help me, please.

    Even without the TMG it would be find:

    Internet - TSG - TS 

    Regards,
    Thanh
    Wednesday, December 10, 2008 2:26 PM

Answers

All replies

  •  TS Gateway needs a "Server Authentication" certificate only and does not work with client authentication certificate. You can read the blog on TS Gateway certificates for more information: http://blogs.msdn.com/ts/archive/2008/12/04/introduction-to-ts-gateway-certificates.aspx

    Thanks,
    Vikash
    Thursday, December 11, 2008 4:06 AM
  •  Hi Vikash,

     

    Thx for your answer. I have managed to configure it with server authentication/certificate... but isn't there (a workaround) a way to use tsg with client certificates either via ISA or NAP?

    Regards,

    Thanh  

    Thursday, December 11, 2008 11:03 AM
  • Before i can answer your question, can i know why do you want to use a Client Certificate on TS Gateway?

    Thanks,
    Vikash

    Thursday, December 11, 2008 11:40 AM
  • Sure, it's to strengthen the security and to be able to identify the user ... but also because it's a kind of business policy.

    If you have a solution, please help me :)

     

    Rgrds,

    Thanh

    Thursday, December 11, 2008 12:23 PM
  • If i understand correctly, then you want to use client authentication certificate to authenticate the client to the TS Gateway server. If that is the case then TS Gateway does support smartcard based authentication which is nothing but authentication via client certificate.


    Thanks,
    Vikash
    Thursday, December 11, 2008 3:43 PM
  • Smartcard? But then I will need cards and card readers, right?

    Isn't there a workaround like have the client certificate authorised at the ISA and then use server auth between ISA and TSG?

    Regards,
    Thanh
    Friday, December 12, 2008 8:42 AM
  • Sorry but there is no such alternative available today.

    Thanks,
    Vikash
    Friday, December 12, 2008 10:08 AM