I'm just cutting my teeth on ISA 2006 as I've been setting it up in my home lab this week. I found and followed the articles for Enabling SSL for OWA 2003 and Publishing Exchange 2007 OWA with ISA Server 2006.
After many hurdles I am almost there, but can't figure out this last problem. After successfully authenticating the OWA logon from an external host, the following error is returned in IE:
Error Code: 500 Internal Server Error. The certificate chain was issued by an authority that is not trusted. (-2146893019)
I receive an error message: 500 Internal Server Error. The certificate chain was issued by an authority that is not trusted.
ISA Server must trust the certificate from the published Web server. Ensure that the CA certificate is in the ISA Server Trusted Root Certification Authorities certificate store.
The two problems I saw are (1) the above fix didn't resolve the error, and (2) when I move the certificate from Personal to under Trusted Root Certification Authorities, the cert vanishes from the Certificate tab in my configured listener object.
I've recreated both of my certificates (one on the Exchange 2007 Client Access role server, and the other on the ISA server) and verified that the name is identical in both. I've already configured host files internally to allow the public FQDN to be used internally for access to OWA.
OWA works correctly (forced SSL) from any internal host, and from the ISA server itself. But all hosts external to ISA are getting the error above.
Any input would be wonderful, I'm about out of ideas at this point.
Thanks for that link. I ran through the certificate-creation steps in this article and it had a few more steps than the one I previously used, including addition of the private key during the export. I also didn't have the CA certificate on the ISA server, as I was moving the OWA cert into the Trusted container, not the CA cert. I think a combination of those mistakes created the error I received.