SAN Certificates and ISA Server 2006

Keep this in mind if you’re planning to use SAN (Subject Alternative Name) certificates with ISA Server 2006.

ISA Server 2006 checks the first SAN listed in the certificate against
the Internal Site Name specified in the web publishing rule. If they do
not match, the connection fails. Even if the main Subject name of the
certificate is correct, ISA only checks the first SAN.

We currently have the following workarounds for this issue:

1- Change the internal site name on the publishing rule to match the first
name listed in the SAN list.

2- Change the certificate on the web server so the first SAN listed matches
the internal site name on the publishing rule.

3- Use a certificate on the web server that does not include a SAN.
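
To see which workaround applies before publishing, the following added example (not part of the original post, and not Microsoft's code) lists a certificate's SAN entries in order and compares only the first one with the Internal Site Name, as described above. The parameter names are hypothetical, and the script assumes an English-language Windows host, where the SAN extension formats as `DNS Name=...` lines.

```powershell
# Added example: pre-deployment check for the first-SAN behaviour described above.
# Assumptions: English-language Windows ("DNS Name=..." formatting) and a
# web server certificate exported to a .cer file.
param(
    [Parameter(Mandatory = $true)] [string] $CertPath,         # hypothetical: path to the exported certificate
    [Parameter(Mandatory = $true)] [string] $InternalSiteName  # Internal Site Name from the publishing rule
)

$path = (Resolve-Path -LiteralPath $CertPath).Path
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $path

# 2.5.29.17 is the OID of the Subject Alternative Name extension.
$sanExt = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
if (-not $sanExt) {
    Write-Output "No SAN extension in '$($cert.Subject)': the first-SAN check does not apply (workaround 3)."
    return
}

# Keep the DNS entries in the order in which they appear in the certificate.
$dnsNames = @(
    $sanExt.Format($true) -split '\r?\n' |
        ForEach-Object { if ($_ -match '^\s*DNS Name=(.+)$') { $Matches[1].Trim() } }
)
if ($dnsNames.Count -eq 0) {
    Write-Output 'SAN extension present but no DNS names were parsed; inspect the certificate manually.'
    return
}

Write-Output ('SAN order: ' + ($dnsNames -join ', '))

if ($dnsNames[0] -eq $InternalSiteName) {          # -eq is case-insensitive for strings
    Write-Output "OK: first SAN '$($dnsNames[0])' matches the Internal Site Name."
}
elseif ($dnsNames -contains $InternalSiteName) {   # name is present, but not in first position
    Write-Output "MISMATCH: '$InternalSiteName' is in the SAN list but the first SAN is '$($dnsNames[0])'."
    Write-Output 'Change the rule to the first SAN (workaround 1) or reissue with this name first (workaround 2).'
}
else {
    Write-Output "MISMATCH: '$InternalSiteName' does not appear in the SAN list; first SAN is '$($dnsNames[0])'."
}
```
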

Sources tell me that the ISA Server team is working on a hotfix.
