• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

problem with SSL to exchange front end

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2004 General ] >> Exchange Publishing >> problem with SSL to exchange front end Page: [1]
Login
Message << Older Topic   Newer Topic >>
problem with SSL to exchange front end - 19.Apr.2009 2:49:08 PM   
aguess

 

Posts: 17
Joined: 14.Jul.2005
From: UK
Status: offline
I have a *.mydomain.com wildcard cert from GoDaddy.com.  It's installed in IIS (Win2k3) on my Exchange 2003 Front End server.  I've exported it from IIS as a .pfx and imported it into my ISA 2004 server.

Everything looks right.  I've been running this ISA 2004 server with a FQDN SSL Cert for ages although pointing at my main Exchange Server rather than this front end one.

However, when I go to https://outlook.mydomain.com/exchange I get the forms logon screen and after proving a valid user and password to logon, I get a Page can not be displayed "ror Code: 500 Internal Server Error. The target principal name is incorrect. (-2146893022)" error page :(  If I turn off FBA from the FE Exchange server, it just fails with the same error as soon as you go to the URL.

I've also got a ISA 2006 server (which ultimately I can't use for this), and if I use the same wildcard cert and point to the same front end exchange server it works just fine.

So I don't understand what's wrong.  I've got it temporarily working bridging into HTTP i.e. Client -SSL-> ISA 2004 Server -HTTP-> Exchange 2003 FE Server.  This is working fine, and the cert is happyily working for that first part, it's just when I want to go SSL all the way (which I do).

Any suggestions at areas to look at very much appreciated.
Post #: 1
RE: problem with SSL to exchange front end - 19.Apr.2009 6:01:32 PM   
Jason Jones

 

Posts: 4663
Joined: 30.Jul.2002
From: United Kingdom
Status: offline
ISA 2004 doesn't support published servers which use wildcard certificates, whereas ISA 2006 does; hence your results...

Q: Publishing fails when I publish a secure Web server and present a wildcard certificate. For example, when I publish myserver.adomain.com and present a wildcard certificate *.adomain.com, publishing fails. Why?

A: This is by design. ISA Server can use a wildcard certificate on a listener, but will not accept a wildcard certificate from a published website.

Source: http://technet.microsoft.com/en-us/library/dd363593.aspx

Cheers

JJ

< Message edited by Jason Jones -- 19.Apr.2009 6:04:19 PM >


_____________________________

Jason Jones | Forefront MVP | Silversands Ltd
My Blogs: http://blog.msedge.org.uk/ and http://blog.msfirewall.org.uk/

(in reply to aguess)
Post #: 2
RE: problem with SSL to exchange front end - 20.Apr.2009 3:59:02 AM   
aguess

 

Posts: 17
Joined: 14.Jul.2005
From: UK
Status: offline
arrrrghhhh !!!!

o well, guess i'd better start looking at the latest version then :/

thanks very much for the info.

Alex.

(in reply to Jason Jones)
Post #: 3

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2004 General ] >> Exchange Publishing >> problem with SSL to exchange front end Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts