Configuring server certificates for secure Web publishing

When publishing Web servers or Outlook Web Access, Microsoft Forefront Threat Management Gateway uses certificates as follows:

  • HTTP to HTTPS bridging:
      • HTTPS connection between the external client and the Forefront TMG computer.
      • HTTP connection between the Forefront TMG computer and the backend Web server.
      • This scenario requires a server certificate on the Forefront TMG computer in order to authenticate it to the external client.
  • HTTPS to HTTPS bridging:
      • HTTPS connection between the external client and the Forefront TMG computer.
      • HTTPS connections between the Forefront TMG computer and the backend Web server.
      • This scenario requires a server certificate on the Forefront TMG computer in order to authenticate it to the external client and requires a server certificate on the backend Web server in order to authenticate it to the Forefront TMG computer.

The following flowchart presents the options for each scenario.

For instructions, see the following procedures: