ISA Server 2004 Configuration Guide 16
Introduction
Microsoft Certificate Services can be installed on the domain controller on the internal
network and issue certificates to hosts within the internal network domain, as well as to hosts
that are not members of the Internal network domain. We will use certificates in a variety of
configuration scenarios in this ISA Server 2004 Configuration Guide series, including to
accomplish the following:
• Allow the ISA Server 2004 firewall to use the L2TP/IPSec VPN protocol for a site-to-site
VPN link
• Allow the ISA Server 2004 firewall to use the L2TP/IPSec VPN protocol for a VPN client
connection from a remote access VPN client
• Enable remote users to access the Outlook Web Access site using highly secure SSL-to-
SSL bridged connections
• Publish secure Exchange SMTP and POP3 services to the Internet
The certificates enable us to use SSL/TLS security. The SSL (Secure Sockets Layer) protocol
is a session layer protocol that encrypts data moving between the client and server machines.
SSL security is considered the current standard for providing secure remote access to Web
sites. In addition, certificates can be used to confirm the identity of VPN clients and servers so
that mutual machine authentication can be performed.
In this document we will discuss the following procedures:
• Installing Internet Information Services 6.0 to support the Certificate Authority’s Web
enrollment site
• Installing Microsoft Certificate Services in Enterprise CA mode
