https client communication - forefront tmg

  • Question

  • Hello all,

    My root CA is on W2003 Standard and I cannot use custom templates for Web Server\IIS and client certificates. I believe this is a limitation of 2003 Server Std. Unfortunately, we cannot move the root CA to anything above 2003 Standard anytime soon, so I cannot try the steps in this article: http://technet.microsoft.com/en-us/library/gg682023.aspx#BKMK_webserver2008_cm2012

    Our DMZ does not allow domain-joined servers, so I cannot set up a perimeter network. Also, the idea of having a trusted forest in the DMZ has been turned down.

    Now my only hope to set up the https client communication method and set up internet-based client management would be to leverage the existing Forefront TMGs in the environment and expose the internet-facing site servers. Has anyone tried this? I am not sure where to begin.

    Monday, October 1, 2012 5:04 AM

All replies

  • You still need certificates on the site servers and clients to enable https communication. Adding TMG to the mix doesn't change that.

    Jason | http://blog.configmgrftw.com

    Monday, October 1, 2012 2:35 PM
  • Thanks Jason. My root CA is on Server 2003 Standard. Just to make sure, there is no way I can get https communication going until the root CA is upgraded to an enterprise version. Is that a right assessment?

    Monday, October 1, 2012 4:41 PM
  • I *thought* with 2012 that you could actually use the default Workstation and WebServer templates. Based upon the cert requirements on TechNet, I think that's true: http://technet.microsoft.com/en-us/library/gg699362.aspx

    Jason | http://blog.configmgrftw.com

    Monday, October 1, 2012 4:44 PM
  • Not sure if that's possible.
    Saturday, December 1, 2012 12:40 AM