To prevent DNS spoofing, request and install an SSL certificate that uses the FQDN of each Gateway server you want to publish via TMG. You need to install the root SSL certificates on the TMG computer. These certificates should match the FQDN of each published server.

Follow the steps below to import a certificate to the TMG computer:
1. On the TMG computer, click Start, type mmc, and then press Enter or click OK.
2. Click the File menu and then click Add/Remove Snap-in or press Ctrl+M. Under Available Snap-ins, click Certificates and then click Add.
3. Select Computer Account and then click Next, click Local Computer and then click Finish.
4. Click OK in the Add Or Remove Snap-ins dialog box.
5. Expand Certificates (Local Computer), then expand Personal, and then expand Certificates.
6. Right-click the Certificates node, select All Tasks, and then select Import....
7. The Welcome To The Certificate Import Wizard page appears. Click Next.
8. On the File To Import page, type the certificate location.
9. On the Password page, type the password provided by the entity that issued this certificate.
10. On the Certificate Store page confirm that the location is Personal.
11. The Completing The Certificate Import Wizard page should appear with a summary of your selections. Review the page and click Finish.

Verify that your CA is in the list of trusted root CAs:
1. On each edge server, click Start, and then click Run. In the Open box, type mmc, and then click OK. This opens an MMC console.
2. On the File menu, click Add/Remove Snap-in.
3. In the Add Standalone Snap-ins box, click Certificates, and then click Add.
4. In the Certificate snap-in dialog box, click Computer account, and then click Next.
5. In the Select Computer dialog box, ensure that the Local computer: (the computer this console is running on) check box is selected, and then click Finish.
6. Click OK. In the console tree, expand Certificates (Local Computer), expand Personal, and then click Certificates.
7. In the details pane, verify that your CA is on the list of trusted CAs. Repeat this procedure on each server.
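
A scripted form of the checks above, added here as an example and not part of the original page: it uses the .NET certificate classes from PowerShell (read-only) to confirm that a certificate in the Local Computer Personal store matches the published FQDN, has a private key, is within its validity period, and chains to a root CA the computer trusts. The FQDN `gateway.example.com` is a placeholder.

```powershell
# Added example: read-only check of the certificate imported for one published FQDN.
# 'gateway.example.com' is a placeholder; pass the FQDN of the published server.
param([string]$Fqdn = 'gateway.example.com')

# Open Certificates (Local Computer) > Personal without write access.
$store = New-Object System.Security.Cryptography.X509Certificates.X509Store -ArgumentList 'My', 'LocalMachine'
$store.Open('ReadOnly')
$dnsName = [System.Security.Cryptography.X509Certificates.X509NameType]::DnsName
try {
    # DnsName yields the first DNS subject alternative name or, if there is none, the subject CN.
    $found = @($store.Certificates | Where-Object { $_.GetNameInfo($dnsName, $false) -eq $Fqdn })
} finally {
    $store.Close()
}

if ($found.Count -eq 0) {
    Write-Warning "No certificate for $Fqdn found in LocalMachine\My"
    return
}

foreach ($cert in $found) {
    # $true = build the chain in the machine context, so trust is decided by the
    # computer's Trusted Root Certification Authorities store, not the user's.
    # The default chain policy also attempts an online revocation check.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain -ArgumentList $true
    $trusted = $chain.Build($cert)

    # Last element of the chain that could be built; this is the root CA
    # when ChainTrusted is True.
    $top = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate
    $now = Get-Date

    New-Object PSObject -Property @{
        Subject         = $cert.Subject
        Thumbprint      = $cert.Thumbprint
        HasPrivateKey   = $cert.HasPrivateKey
        WithinValidity  = ($now -ge $cert.NotBefore -and $now -le $cert.NotAfter)
        ChainTrusted    = $trusted
        ChainTopSubject = $top.Subject
        ChainStatus     = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
    }
}
```

Compare ChainTopSubject with the CA you expect; a ChainTrusted value of False together with a ChainStatus of UntrustedRoot or PartialChain means the issuing CA's root certificate is not trusted on that computer.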