• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

EV SSL Certificate problem

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA 2006 Publishing] >> Exchange Publishing >> EV SSL Certificate problem Page: [1]
Login
Message << Older Topic   Newer Topic >>
EV SSL Certificate problem - 9.Feb.2008 2:11:26 PM   
davei0594

 

Posts: 21
Joined: 9.Feb.2008
Status: offline
Hello all,

I'm fairly new to ISA Server so pls forgive me if i am doing something stupid.  My setup is as follows:-

ISA 2006 STD BE firewall on Windows Server 2003 R2 SP1
Watchguard Firebox managed FE firewall (managed by MPLS WAN provider)
FE Exchange 2003 SP2 server in an ISA DMZ network.

I have been waiting to receive a public SSL certificate before publishing OWA, which I have now tried to do.  If it has any relevance, it is an Extended Validation certificate - that we had to jump through hoops for! - and it was bought from Comodo.

I installed the certificate into IIS on the FE Exchange server successfully, and browsing directly to OWA over HTTPS worked a treat.  I even got my nice green address bar in IE7 due to the EV certificate.

I then exported the certificate, and private key, from IIS using the wizard, copied it onto the ISA server, and installed it into the Computer store under 'Personal'.
When creating the web-listener, the certificate was available for selection as expected, and everything went fine.

However when browsing to the ISA-published OWA from the Internet, I get a message in IE7 telling me that my shiny new SSL certificate was not issued by a trusted certificate authority.

I ignore this and continue to the site, and receive the new ISA 2006 OWA login page, and functionality is all normal - I can browse my mailbox, send email etc.

So I googled, and looked on the CA's support site, and learnt that I had to install the CA's root and intermediary certificates into the Computer store on the ISA server.  No problem, I downloaded the root and intermediary certificates from Comodo and installed them into the relevant containers in the Computer certificate store, and then restarted the ISA server.

I still get the same prompt when I connect to the ISA published OWA.

I have looked in 'Certificates' within IE on the ISA server, and the certification path is present with "This certificate is OK" stated.

Can anybody point me in the right direction?  Like I said I'm new to ISA and out of ideas!

Thanks!

Dave

Post #: 1
RE: EV SSL Certificate problem - 12.Feb.2008 2:58:53 PM   
davei0594

 

Posts: 21
Joined: 9.Feb.2008
Status: offline
Problem resolved.

Despite going through exactly the same process click for click several times on my own, a tech from the CA talked me through it over the phone and mysteriously it started working.

Frustrating not to learn something from it, but the pressure's off now so it's not all bad!!

(in reply to davei0594)
Post #: 2

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA 2006 Publishing] >> Exchange Publishing >> EV SSL Certificate problem Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts