Security – Passing client certificates using ISA 2006 over SSL


We're running an ISA 2006 and IIS6, both on Windows 2003 machines. We've published a website under an SSL connection.

Is it possible to let the ISA server pass down any client certificates to IIS (and the web application)? We need the client certificates to verify that the user may view the site.

A simple ISA rule that blocks anyone that does not have the certificate is not an option, because in that case we redirect to a login page. Ditching the ISA server is also not an option, because the administrators would kill me.

Best Answer

Standard reverse publishing of a site that needs SSL should have the SSL cert installed on the ISA server.

On IIS6, you can specify that the root site is not required to enforce SSL, and secure pages are placed in a subfolder that has the 'force secure connect' check box turned on. (It's in IIS, Site properties, Security, last button (settings).) In this way you can enforce 1 or more folders to be SSL.