Configuring server certificates for secure Web publishing

Applies To: Forefront Threat Management Gateway (TMG)

When publishing Web servers or Outlook Web Access, Forefront TMG uses certificates as follows:

• HTTPS to HTTP bridging:

  • HTTPS connection between the external client and the Forefront TMG computer.

  • HTTP connection between the Forefront TMG computer and the backend Web server

  Note

  This scenario requires a server certificate on the Forefront TMG computer in order to authenticate it to the external client.

• HTTPS to HTTPS bridging:

  • HTTPS connection between the external client and the Forefront TMG computer

  • HTTPS connections between the Forefront TMG computer and the backend Web server

  Note

  This scenario requires a server certificate on the Forefront TMG computer in order to authenticate it to the external client and requires a server certificate on the backend Web server in order to authenticate it to the Forefront TMG computer.

For instructions, see the following procedures:

• Requesting a certificate from a commercial certification authority

• Installing a certificate from a commercial certification authority

• Exporting a certificate from a Web server

• Importing a certificate to a Forefront TMG computer

• Removing a certificate from a Web server

• Requesting a certificate from a local certification authority

Related Topics

Concepts

Publishing Web servers over HTTPS