HTTPS Inspection in Forefront TMG 2010 - Certificates
I am in the final stages of getting my Forefront TMG server to act as a transparent proxy (to allow guest users to get out onto the internet without having to specify proxy details.)
during my testing, I have foudn that even though guest users can now aquire an IP address on a seperate VLAN and get right out onto the internet after going through a captive portal, browsing to sites with an https prefix allows them to bypass the filtering provided by Scansafe that would usually be blocked. I have had a conversation with the local council (who provide the upstream proxy that we chain to) and it appears we need to import a certificate onto the TMG server in order for the https inspection to work properly.
Now the problem I have, is that the certificates they offer us are in the *.crt format and Forefront TMG only allows me to specify a *.pfx format. Does anybody have any suggestions as to what I need to do to get this working? I have read a number of guides but not many come back with the result I'm trying to achieve.