Publishing Exchange 2010 without SSL on TMG 2010

Status
Not open for further replies.
I

Ifeatu Osegbo



Hi All,

We have just deployed Exchange 2010. We have always known that both TMG and Exchange requires SSL to be published. Here, we do not want to buy any SSL for the TMG, we already have one the Exchange 2010.

Please how do I go about this. This pos t pictures the possibility but I do not know how to go about it.

Thanks.
 
S

Shafaquat Ali



Hi,

AFAIK you dont need to get another cert for TMG even your Exchange cert in TMG and for this you will need to configure your publishing rule with option of "client may authenticate directly" and nothing els you need to do.

And as per your referenced post that is the matter of authentication not certs.

Regards.

Shafaquat Ali.

M.C.I.T.P Exchange 2007/2010, M.C.I.T.P Windows Server 2008, M.C.T.S OCS Server 2007 R2, URL: http://blog.WhatDoUC.net Phone: +923008210320
 
I

Ifeatu Osegbo

Thanks a lot. My problem here is that I do not know how to go about creating the Web Listener(s) that will be able to handle these requests properly. Do I need a single Listener or two, also, do I need to create anything with SSL. Thanks.
 
S

Shafaquat Ali



Hi,

01. You need to configure just 1 listner.

02. You need to configure SSL with your Exchange certificate which mean that export cert from Exchange and import it in TMG's personal cert folder than when you will configure listener it will show that cert in list just configure your listener with that cert and every thing will work but don't forget to choose the option "client may authenticate directly"

Regards.

Shafaquat Ali.

M.C.I.T.P Exchange 2007/2010, M.C.I.T.P Windows Server 2008, M.C.T.S OCS Server 2007 R2, URL: http://blog.WhatDoUC.net Phone: +923008210320
 
E

Elan Shudnow [MVP]



You can create the Web Listener during your first rule creation. Your web listener can redirect http to https and your rule is configured to talk to Exchange over 443. That way, internet users to Listener occurs over 443, TMG will then decrypt the trafic for application layer inspection, and the rule will reencrypt the traffic and then send it off to Exchange.
Microsoft created the following how-to document on publishing Exchange 2010 with TMG:

http://www.microsoft.com/downloads/en/details.aspx?FamilyID=894bab3e-c910-4c97-ab22-59e91421e022&displaylang=en

MVP | MCSE:M | MCITP: Enterprise Messaging Administrator | MCTS: OCS + Voice Specialization | http://www.shudnow.net
 
Status
Not open for further replies.
Top