The following are step-by-step instructions to get SSL bridging to work with ISA.
SSL bridged connections actually involve two connections:
On the IIS server, create a file to request a certificate for use with SSL
Then select OK to close the Web Properties
I used a Verisign trial certificate as I am testing the ISA. If you are using a third-party certificate authority, copy the file to a floppy and submit the request on their site.
***For a Verisign trial certificate, you have to create a certificate root on each Internet client from which you want to access the internal web server. Second, add the certificate to the local certificate store under Trusted Certification Authorities. To do that, open the Certificates MMC for the local computer and import the certificate under Trusted Certification Authorities.***
3. On the IIS server, install the issued certificate
Go to properties on the Web site and perform the following steps:
4. Configure the SSL Port for the Web Site
5. Make sure the Certificate is OK
If you get the error “The issuer of this certificate could not be found”, you may need to export your CERT server's certificate under Trusted Certification Authorities and import it into the Web server's Trusted Certification Authorities.
At this point make sure you can establish an HTTPS session to the Web site from the ISA server using IE.
6. Export the certificate from the web server.
7. Import the certificate on the ISA server (in this example the CERT server is also on the ISA server)
8. Make sure the imported certificate is OK on the ISA server.
Again, if you get the error “The issuer of this certificate could not be found”, you may need to export your CERT server's certificate under Trusted Certification Authorities and import it into the Web server’s Trusted Certification Authorities.
9. Configure ISA server to use the imported certificate and create the publishing rule.
If you had the ISA Management console open, you may have to close it and open it again to see the certificate.
At this point you should be able to connect over HTTPS from an external client to the external interface of the ISA server by name (not by IP).
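The two failures this procedure warns about, an issuer that cannot be found and a connection made by IP instead of by name, can be told apart from the client side with a short script. This is an added example, not part of the original instructions; the host name `www.example.test` and the function names are assumptions.

```python
import ipaddress
import socket
import ssl

# OpenSSL X509 verify codes grouped by the failure modes the procedure mentions.
UNTRUSTED_ISSUER = {18, 19, 20, 21}   # self-signed / issuer not found locally
NAME_MISMATCH = {62, 64}              # host name or IP address not in the certificate


def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def diagnose(host, verify_code):
    """Return (category, advice) for a certificate verification failure."""
    if verify_code in UNTRUSTED_ISSUER:
        return ("untrusted-issuer",
                "import the issuing CA certificate into this machine's trusted CA store")
    if verify_code in NAME_MISMATCH:
        if is_ip_literal(host):
            return ("name-mismatch", "connect by the name in the certificate, not by IP")
        return ("name-mismatch", "the certificate was issued for a different name")
    return ("other", "OpenSSL verify code %d" % verify_code)


def check_published_site(host, port=443, cafile=None, timeout=5.0):
    """Handshake with full verification; cafile is an optional PEM root (e.g. a test root)."""
    ctx = ssl.create_default_context(cafile=cafile)
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return ("ok", "chain trusted and name matches, " + tls.version())
    except ssl.SSLCertVerificationError as exc:
        return diagnose(host, exc.verify_code)
    except OSError as exc:  # refused, timed out, or no common protocol version
        return ("connect-failed", str(exc))


if __name__ == "__main__":
    # www.example.test is a placeholder for the name the site is published under.
    print(check_published_site("www.example.test"))
```

Run it once from the ISA server against the internal web server and once from an external client against the published name; on Windows, Python's default context reads the system certificate stores, so the result reflects the imports done in the steps above.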