I'm fairly new to ISA Server so please forgive me if I am doing something stupid. My setup is as follows:-
- ISA 2006 STD BE firewall on Windows Server 2003 R2 SP1
- Watchguard Firebox managed FE firewall (managed by MPLS WAN provider)
- FE Exchange 2003 SP2 server in an ISA DMZ network
I have been waiting to receive a public SSL certificate before publishing OWA, which I have now tried to do. If it has any relevance, it is an Extended Validation certificate - that we had to jump through hoops for! - and it was bought from Comodo.
I installed the certificate into IIS on the FE Exchange server successfully, and browsing directly to OWA over HTTPS worked a treat. I even got my nice green address bar in IE7 due to the EV certificate.
I then exported the certificate, and private key, from IIS using the wizard, copied it onto the ISA server, and installed it into the Computer store under 'Personal'. When creating the web-listener, the certificate was available for selection as expected, and everything went fine.
However, when browsing to the ISA-published OWA from the Internet, I get a message in IE7 telling me that my shiny new SSL certificate was not issued by a trusted certificate authority.
I ignore this and continue to the site, and receive the new ISA 2006 OWA login page, and functionality is all normal - I can browse my mailbox, send email etc.
So I googled, and looked on the CA's support site, and learnt that I had to install the CA's root and intermediary certificates into the Computer store on the ISA server. No problem, I downloaded the root and intermediary certificates from Comodo and installed them into the relevant containers in the Computer certificate store, and then restarted the ISA server.
I still get the same prompt when I connect to the ISA published OWA.
I have looked in 'Certificates' within IE on the ISA server, and the certification path is present with "This certificate is OK" stated.
Can anybody point me in the right direction? Like I said, I'm new to ISA and out of ideas!