Hi,

I'm trying to publish 2 web sites with ISA 2006 SP1.

We have bought an UCC certificate with 2 names : webmail.exemple.com and sharepoint.exemple.com

The common name of the certificate is webmail.exemple.com

I have replaced the certificate which was used in the ISA listener, no problem, webmail rules still work correctly.

BUT when I publish the sharepoint website with the same listener (same UCC certificate than webmail), I encounter an error about the common name not matching the published website name (i.e sharepoint.exemple.com)

So, are we constrained to have the common name matching the published website ? Why alternate names don't work ?

Are there any workarounds ?

Thanks for your help and sorry for my approximative english...

Hi,

do you see the error message regarding the certificate in the ISA Server publishing wizard in the Weblistener? If yes you can ignore this error message. ISA Server 2006 with SP1 can work with UCC / SAN certificates:
http://blogs.technet.com/b/isablog/archive/2008/05/23/isa-server-2006-service-pack-1-features.aspx
BTW: Why do you use a UCC certificate for two websites with the same domain name? A wildcard certificate may be sufficient?!

Hi,

Thanks for your reply, so if I have read carefully, the error while testing the rule (with ISA) is not really an error ? -_-'

I have to test the publication so... :-)

Wildcard certificate are more expensive than UCC, it is one of the only reason I think, and we only need 2 names.

I will test tomorrow and I'll tell you if it works !

Hi,

yes it is not really an error. Forefront TMG also often displays this warning message and you can safely ignore this message if the publishing rule is working

Hi,

Is there any update? Do it work fine?

Best Regards

Quan Gu

Hi,

I have an appointment with my customer this tuesday.

Best regards.

Hi,

Very good news, everything is working now ! :)

Here are the steps :

- The name of the published site MUST be the same that the common name of the UCC certificate (webmail.example.com), but you have to specify the IP address of the sharepoint server.

Thanks to this article : http://blogs.technet.com/b/isablog/archive/2007/08/29/certificates-with-multiple-san-entries-may-break-isa-server-web-publishing.aspx (see "Use the Subject or first SAN name in the published hostname field" - "Single-server publishing")

- I have unchecked "Forward the original host header instead of the actual one"

- I have tweaked the url in sharepoint for the "Extranet" to match the public URL (i.e https://sharepoint.example.com)

- I have just left "Basic authentication" for this application pool (the same in the ISA rule), I unchecked "Windows integrated" one.

Now the test rules for the publication are GREEN !

Problem solved ! :)

• Marked as answer by Jérôme DUMET 11 hours 57 minutes ago

Hi,

Very good news, everything is working now ! :)

Here are the steps :

- The name of the published site MUST be the same that the common name of the UCC certificate (webmail.example.com), but you have to specify the IP address of the sharepoint server.

Thanks to this article : http://blogs.technet.com/b/isablog/archive/2007/08/29/certificates-with-multiple-san-entries-may-break-isa-server-web-publishing.aspx (see "Use the Subject or first SAN name in the published hostname field" - "Single-server publishing")

- I have unchecked "Forward the original host header instead of the actual one"

- I have tweaked the url in sharepoint for the "Extranet" to match the public URL (i.e https://sharepoint.example.com)

- I have just left "Basic authentication" for this application pool (the same in the ISA rule), I unchecked "Windows integrated" one.

Now the test rules for the publication are GREEN !

Problem solved ! :)

• Marked as answer by Jérôme DUMET Tuesday, October 15, 2013 10:50 PM

Hi,

Very good news, everything is working now ! :)

Here are the steps :

- The name of the published site MUST be the same that the common name of the UCC certificate (webmail.example.com), but you have to specify the IP address of the sharepoint server.

Thanks to this article : http://blogs.technet.com/b/isablog/archive/2007/08/29/certificates-with-multiple-san-entries-may-break-isa-server-web-publishing.aspx (see "Use the Subject or first SAN name in the published hostname field" - "Single-server publishing")

- I have unchecked "Forward the original host header instead of the actual one"

- I have tweaked the url in sharepoint for the "Extranet" to match the public URL (i.e https://sharepoint.example.com)

- I have just left "Basic authentication" for this application pool (the same in the ISA rule), I unchecked "Windows integrated" one.

Now the test rules for the publication are GREEN !

Problem solved ! :)

• Marked as answer by Jérôme DUMET Tuesday, October 15, 2013 10:50 PM

Hi,

Very good news, everything is working now ! :)

Here are the steps :

- The name of the published site MUST be the same that the common name of the UCC certificate (webmail.example.com), but you have to specify the IP address of the sharepoint server.

Thanks to this article : http://blogs.technet.com/b/isablog/archive/2007/08/29/certificates-with-multiple-san-entries-may-break-isa-server-web-publishing.aspx (see "Use the Subject or first SAN name in the published hostname field" - "Single-server publishing")

- I have unchecked "Forward the original host header instead of the actual one"

- I have tweaked the url in sharepoint for the "Extranet" to match the public URL (i.e https://sharepoint.example.com)

- I have just left "Basic authentication" for this application pool (the same in the ISA rule), I unchecked "Windows integrated" one.

Now the test rules for the publication are GREEN !

Problem solved ! :)

• Marked as answer by Jérôme DUMET Tuesday, October 15, 2013 10:50 PM

Hi,

I am glad hear that. And also thank you  for your sharing.

Best Regards

Quan Gu