Importing Certificate

[Guest]

Hi
I have a Stand-Alone root CA and I installed a certificate on my OWA 5.5
server
To keep secure my external connection with OWA, I'm trying to import this
certificate on my ISA 2000 server. After exporting the PKI and Certificate
into a pfx file, I wanted to import it in ISA so I opened the Console root,
loaded the certificate snap-in and imported the pfx file into personal
certificate store, but when I looked on the Trusted Root Certification
Authorities, the CA certificate for my Stand-alone CA doesn't appear ...

Any idea?

 

[Miha Pihler]

Hi Sean,

On your CA server Web Interface go to "Download a CA certificate,
certificate change or CRL" On next page select Download CA certificate. Save
it to the file and transfer it to the ISA server (or any client that needs
to trust certificates issued by this CA). Double click the file (.cer file)
and follow the wizard. Default values should be OK and after you are done,
your issued certificate should be trusted by the computer.

I hope this helps,

Mike

 

[Guest]

Hi Mike

Okay, finally I could import the certificate on ISA (computer local) and
Microsoft Web Proxy service on ISA. The certificate looks good ... but when
trying to test the url (https:// ...) , the page is not found.

From the Web Publishing Rule on the Bridging tab, I'm trying to select the
SSL web service, but ISA tells me that there is not a certificate installed
on this machine

Any idea?

 

[Miha Pihler]

Hi,

Here is guide than can lead you step by step...

Chapter 2: Configuring ISA Server and Exchange
Jump to step 4: Configure Your Server Architecture and SSL

http://www.microsoft.com/technet/pr...2k3/f8717a00-690a-4a0b-b69d-57847a4dca1c.mspx

Feel free to post back with any additional question. Here is also ISA
NewsGroup if you help with ISA "microsoft.public.isa.configuration"

Mike

 

[Guest]

Hi Mike

I'm not able to run SSL on ISA yet. When trying to hit
https://server/exchange a "the page cannot be displayed - cannot find server
or DNS error" message comes up.
I remove SSL from my web publishing rule and I'm able to hit
http://server/exchange, so it means that the problem is on SSL.

By the way, internal users can access OWA by HTTPS protocol. It means that
the certificate is working well.

The following are the steps that I've done on ISA and I don't know what else
make ..
1. Export the certificate (YES - Export Private Key / PKCS#12 (pfx) Export
File Format)
2. Import pfx file into ISA (Console Certificates Local Computer \ Personal
Certificate and Trusted Root Certificate \ Console Certificate Web Proxy
Services \ Personal and Trusted Root Certificate
3. Verify the certificate is active in both local computer and Service
Accout - YES
4. Create the Web Publishing Rule (SSL between OWA external client and ISA -
YES
SSL between ISA and OWA webserver - YES)
5. Enabling SSL listeners - YES
6. Configure listeners individually per IP address:
Server: Firewall Name
IP Address: Firewall IP
Authentication: Integrated
Server Certificate: Stand-AlondCA's server name

Any thoughts is welcome ...

Thanks