Switching to SSL

Brian Tkatch · Jul 2, 2007

Project Server 2003 SP 2a.

Anything i should know about changing Project Server to use SSL?

Our servers have been running for some time, but now i have been
tasked with adding an SSL certificate and forcing access to be https.
The certificate will be supplied to me, and it's ok if the intranet
Project users connect to port 80. But externally, that is from the
Internet, the connection to PWA must be port 443.

I am curious what is involved, and if there are any pitfalls.Or if
complicated, if there is a guide.

B.

John Sitka · Jul 5, 2007

I'm going through this right now.
I believe the switch to https:// is faily easy, it's in this groups archives for sure. (I'll look)

The Microsoft recommendation is to install an additional Project Server in the DMZ
and point it to the SQL Data on the existing http server. This install is described in the Administrator
or install guides in detail.

I'm currently trying to utilize Microsoft ISA server to accomplish the same end result, because then we
will have an ISA server in place to handle other enterprise concerns beyond PWA. So far it has gone
resonably well. I can get authentication via https:// to the ISA server which then allows access to the
http:// bound internal project server. This is accomplished through what is called https:// to http:// bridging.
However all does not run smooth yet. I believe the active X chart controls which provide much of the
content in PWA are not liking the name (URL) or protocol transformations.

Remember there are two core components that need to be resolved for external access to work, naming and security.

How would an external client resolve a internal server name or link contained in the dynamically built content
of PWA? ISA handles this link translation on the fly fairly well. (except for the link to the Project workspace.)

Do you want to open the port to all traffic and then have that traffic authenticate against Project server,
or do you want the firewall to be the traffic autority of who gets the opportunity to talk to the Project web server.

Brian Tkatch · Jul 5, 2007

I'm going through this right now.
I believe the switch to https:// is faily easy, it's in this groups archives for sure. (I'll look)

The Microsoft recommendation is to install an additional Project Server in the DMZ
and point it to the SQL Data on the existing http server. This install is described in the Administrator
or install guides in detail.

I'm currently trying to utilize Microsoft ISA server to accomplish the same end result, because then we
will have an ISA server in place to handle other enterprise concerns beyond PWA. So far it has gone
resonably well. I can get authentication via https:// to the ISA server which then allows access to the
http:// bound internal project server. This is accomplished through what is called https:// to http:// bridging.
However all does not run smooth yet. I believe the active X chart controls which provide much of the
content in PWA are not liking the name (URL) or protocol transformations.

Remember there are two core components that need to be resolved for external access to work, naming and security.

How would an external client resolve a internal server name or link contained in the dynamically built content
of PWA? ISA handles this link translation on the fly fairly well. (except for the link to the Project workspace.)

Do you want to open the port to all traffic and then have that traffic authenticate against Project server,
or do you want the firewall to be the traffic autority of who gets the opportunity to talk to the Project web server.

We have the server itself behind a firewall, and SiteMinder will be
policing security. Our internal server is to get an external name as
well, so we'll the outside world can resolve it's ip.

Thanx for the information. I did not realize this was in the Admin
guide.

B.

John Sitka · Jul 6, 2007

here's a link..
http://groups.google.ca/group/micro...7?lnk=gst&q=ssl&rnum=3&hl=en#fe1a54e018ac88a7

you are lucky to be in an environment where secure publishing is understood, all I get is blank stares,
and asked what port do you want open.

Brian Tkatch · Jul 9, 2007

here's a link..
http://groups.google.ca/group/micro...7?lnk=gst&q=ssl&rnum=3&hl=en#fe1a54e018ac88a7
Thanx!

you are lucky to be in an environment where secure publishing is understood, all I get is blank stares,
and asked what port do you want open.

It is understood by the group that needs to understand it.
Unfortunately, that's where it ends too.

B.

React JS Outlook Add-in - VS Code + WebPack - Unable to call external Web Service - CORS Issue	0	Aug 25, 2022
Outlook Add-in - Javascript based using React JS - VS Code + WebPack - Unable to call external Web Service	0	Aug 23, 2022
Project Pro & SSL - Bad Certification Authority	1	Jul 7, 2008
Ports that professional uses to communicate with Server 2007	2	Nov 6, 2009
Moving from http to https (SSL)	1	Oct 4, 2007
Migrating from port 80 to 443 (SSL)	2	Aug 24, 2006
Configuring WS SP2 for SSL?	16	Oct 11, 2005
Outlook Desktop (latest) stopped syncing IMAP accpounts from selfowned Mail server.	0	Sep 17, 2022

Switching to SSL

Brian Tkatch

John Sitka

Brian Tkatch

John Sitka

Brian Tkatch

Ask a Question

Similar Threads