I am in the final stages of getting my Forefront TMG server to act as a transparent proxy (to allow guest users to get out onto the internet without having to specify proxy details.)
during my testing, I have foudn that even though guest users can now aquire an IP address on a seperate VLAN and get right out onto the internet after going through a captive portal, browsing to sites with an https prefix allows them to bypass the filtering provided by Scansafe that would usually be blocked. I have had a conversation with the local council (who provide the upstream proxy that we chain to) and it appears we need to import a certificate onto the TMG server in order for the https inspection to work properly.
Now the problem I have, is that the certificates they offer us are in the *.crt format and Forefront TMG only allows me to specify a *.pfx format. Does anybody have any suggestions as to what I need to do to get this working? I have read a number of guides but not many come back with the result I'm trying to achieve.
Open an MMC session and add the certificates snapin. Choose Local computer. Browse to the personal - certificates store. Rightmouseclick on all tasks - import. Here you can select your CRT file.
There are currently 1 users browsing this thread. (0 members and 1 guests)