I have a *.mydomain.com wildcard cert from GoDaddy.com. It's installed in IIS (Win2k3) on my Exchange 2003 Front End server. I've exported it from IIS as a .pfx and imported it into my ISA 2004 server.
Everything looks right. I've been running this ISA 2004 server with a FQDN SSL Cert for ages although pointing at my main Exchange Server rather than this front end one.
However, when I go to https://outlook.mydomain.com/exchange I get the forms logon screen, and after providing a valid user and password to log on, I get a "Page cannot be displayed" error page: "Error Code: 500 Internal Server Error. The target principal name is incorrect. (-2146893022)" :( If I turn off FBA on the FE Exchange server, it just fails with the same error as soon as you go to the URL.
I've also got an ISA 2006 server (which ultimately I can't use for this), and if I use the same wildcard cert and point to the same front end Exchange server it works just fine.
So I don't understand what's wrong. I've got it temporarily working by bridging into HTTP, i.e. Client -SSL-> ISA 2004 Server -HTTP-> Exchange 2003 FE Server. This is working fine, and the cert is happily working for that first part; it's just when I want to go SSL all the way (which I do).
Any suggestions at areas to look at very much appreciated.
ISA 2004 doesn't support published servers which use wildcard certificates, whereas ISA 2006 does; hence your results...
Q: Publishing fails when I publish a secure Web server and present a wildcard certificate. For example, when I publish myserver.adomain.com and present a wildcard certificate *.adomain.com, publishing fails. Why?
A: This is by design. ISA Server can use a wildcard certificate on a listener, but will not accept a wildcard certificate from a published website.
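To make the FAQ answer concrete, here is an added example (not from the thread, and not Microsoft's or ISA Server's own code) that models the two behaviours: a strict matcher that never accepts a wildcard name from the published server (ISA 2004, as the FAQ describes it; the exact-name requirement is an assumption), and a standard matcher that accepts a single-label wildcard (ISA 2006). The certificate dicts are constructed in the shape Python's `ssl.SSLSocket.getpeercert()` returns, so a practitioner can feed in a real cert pulled from the internal front end.

```python
def match_name(pattern: str, host: str, allow_wildcard: bool) -> bool:
    """Case-insensitive hostname match.
    allow_wildcard=False: a '*.mydomain.com' entry never matches, modelling
    ISA 2004's refusal of wildcard certs on published servers (assumption:
    it needs the exact published name).
    allow_wildcard=True: a single leading '*' label matches exactly one
    label, as ISA 2006 and browsers do (no 'a.b.mydomain.com')."""
    pattern, host = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if pattern == host:
        return True
    if not allow_wildcard or not pattern.startswith("*."):
        return False
    p_labels, h_labels = pattern.split("."), host.split(".")
    return len(p_labels) == len(h_labels) and p_labels[1:] == h_labels[1:]


def cert_names(cert: dict) -> list:
    """Collect the CN and dNSName SANs (deduplicated) from a getpeercert() dict."""
    names = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    names += [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    return list(dict.fromkeys(names))


def check_published_server(cert: dict, host: str) -> dict:
    """Report whether the cert the internal server presents would satisfy
    a strict (2004-style) or wildcard-aware (2006-style) name check."""
    names = cert_names(cert)
    return {
        "names": names,
        "has_wildcard": any(n.startswith("*.") for n in names),
        "isa2004_ok": any(match_name(n, host, False) for n in names),
        "isa2006_ok": any(match_name(n, host, True) for n in names),
    }


# Constructed sample certs, not real ones: the poster's wildcard cert
# and an FQDN cert issued to the front end's own name.
WILDCARD_CERT = {
    "subject": ((("commonName", "*.mydomain.com"),),),
    "subjectAltName": (("DNS", "*.mydomain.com"), ("DNS", "mydomain.com")),
}
FQDN_CERT = {"subject": ((("commonName", "outlook.mydomain.com"),),)}

if __name__ == "__main__":
    for label, cert in (("wildcard", WILDCARD_CERT), ("fqdn", FQDN_CERT)):
        print(label, check_published_server(cert, "outlook.mydomain.com"))
```

The wildcard cert passes only the 2006-style check, which is the thread's outcome; an FQDN cert for the front end's published name passes both.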