
Welcome to ISAserver.org


Certificate Chain Error with ISA+E2007

Certificate Chain Error with ISA+E2007 - 7.Dec.2006 7:14:53 PM   
shadrach

 

Posts: 2
Joined: 7.Dec.2006
Status: offline
I'm just cutting my teeth on ISA 2006 as I've been setting it up in my home lab this week.  I found and followed the articles for Enabling SSL for OWA 2003 and Publishing Exchange 2007 OWA with ISA Server 2006.

After many hurdles I am almost there, but can't figure out this last problem.  After successfully authenticating the OWA logon from an external host, the following error is returned in IE:
  • Error Code: 500 Internal Server Error. The certificate chain was issued by an authority that is not trusted. (-2146893019)

Which led me to:
http://www.microsoft.com/technet/isa/2004/plan/tscerts.mspx


I receive an error message: 500 Internal Server Error. The certificate chain was issued by an authority that is not trusted.
 
ISA Server must trust the certificate from the published Web server. Ensure that the CA certificate is in the ISA Server Trusted Root Certification Authorities certificate store.

The two problems I saw are (1) the above fix didn't resolve the error, and (2) when I move the certificate from Personal to under Trusted Root Certification Authorities, the cert vanishes from the Certificate tab in my configured listener object.

I've recreated both of my certificates (one on the Exchange 2007 Client Access role server, and the other on the ISA server) and verified that the name is identical in both.  I've already configured host files internally to allow the public FQDN to be used internally for access to OWA.

OWA works correctly (forced SSL) from any internal host, and from the ISA server itself.  But all hosts external to ISA are getting the error above.

Any input would be wonderful, I'm about out of ideas at this point.

Thanks,
Jeff
Post #: 1
RE: Certificate Chain Error with ISA+E2007 - 7.Dec.2006 7:38:41 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Jeff,

Don't use Exchange articles published on the ISAserver.org and don't use ISA Firewall articles published on the msexchange.org site (unless I wrote them).

Use this:

http://www.isaserver.org/articles/2004pubowartm.html

HTH,
Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to shadrach)
Post #: 2
RE: Certificate Chain Error with ISA+E2007 - 8.Dec.2006 11:14:26 AM   
shadrach

 

Posts: 2
Joined: 7.Dec.2006
Status: offline
Tom,

Thanks for that link.  I ran through the certificate-creation steps in this article and it had a few more steps than the one I previously used, including addition of the private key during the export.  I also didn't have the CA certificate on the ISA server, as I was moving the OWA cert into the Trusted container, not the CA cert.  I think a combination of those mistakes created the error I received.


Thanks again,

Jeff

(in reply to tshinder)
Post #: 3
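
Added example (not part of the original posts): a PowerShell check, run on the ISA firewall, for the two mistakes described in the post above: the server certificate rather than the CA certificate sitting in Trusted Root Certification Authorities, and a listener certificate without its private key. The function names and the file path are hypothetical, and the path assumes the OWA server's certificate was exported without its private key.

```powershell
# Added example, not code from the thread. Run on the ISA firewall.
# Assumption: the published OWA server's certificate was exported WITHOUT its
# private key to the file passed as -CertPath (hypothetical path below).
function Test-PublishedServerChain {
    param([string]$CertPath)

    $ns    = 'System.Security.Cryptography.X509Certificates'
    $cert  = New-Object "$ns.X509Certificate2" $CertPath
    $chain = New-Object "$ns.X509Chain" $true    # $true = use the machine context
    # A lab CA often has no reachable CRL; test trust only, not revocation.
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    $trusted = $chain.Build($cert)

    # Last element is the root, or the highest issuer that could be found.
    $top = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate

    New-Object PSObject -Property @{
        Leaf             = $cert.Subject
        TopOfChain       = $top.Subject
        ChainTrusted     = $trusted
        ChainStatus      = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
        # The CA certificate is what belongs in Trusted Root.
        TopInTrustedRoot = (Test-Path "Cert:\LocalMachine\Root\$($top.Thumbprint)")
        # A non-self-signed server certificate in Trusted Root is misplaced.
        LeafMisplaced    = ($cert.Subject -ne $cert.Issuer) -and
                           (Test-Path "Cert:\LocalMachine\Root\$($cert.Thumbprint)")
    }
}

# Listener side: the certificate offered to external clients has to sit in the
# machine's Personal store together with its private key.
function Get-ListenerCandidate {
    Get-ChildItem Cert:\LocalMachine\My |
        Select-Object Subject, Thumbprint, HasPrivateKey, NotAfter
}

$path = 'C:\temp\owa-server.cer'    # hypothetical export location
if (Test-Path $path) {
    Test-PublishedServerChain -CertPath $path | Format-List
}
Get-ListenerCandidate | Format-Table -AutoSize
```

A `ChainStatus` of `UntrustedRoot` with `TopInTrustedRoot` false means the issuing CA's certificate is what is missing from the machine store.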
RE: Certificate Chain Error with ISA+E2007 - 10.Dec.2006 3:05:06 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Jeff,

Great! Good to hear you got it working and thanks for the follow up!!!

Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to shadrach)
Post #: 4
