I've been searching the Internet for hours, but I can't find the reason why this is not working at all: I have a Windows 2008 RC2 64-bit Exchange 2010 Server and a... Windows 2003 SP2 ISA 2004 (SP2) firewall.
I want to publish the OWA (on the Exchange 2010 server) over SSL. No problems on the inside but... when I try to create a web listener on my ISA 2004, it tells me "there is no certificate". I've tried all kinds of methods to export and import the certificate of my Exchange 2010... nothing works, the ISA 2004 doesn't recognise my certificate. When I check the installed certificates (with mmc --> certificate manager), I find the certificate of my Exchange 2010. I've copied it everywhere...
My question: could there be an incompatibility between Windows 2008 RC2 certificates and Windows 2003 ISA 2004?
Thanks so much for your answer and maybe for a solution,
First of all, thanks a lot for answering that quickly! I've read the article you sent me, but I don't think that's our problem... Right now, I'm at work again and I can tell you the exact message on our ISA. When I try to create a web listener for SSL, the ISA 2004 tells me (on hitting the button "Select"): "There are no certificates configured on this server".
And to answer your question: the issue comes from an internal CA (it is generated automatically (?) by our Exchange 2010). Maybe I have to create a new certificate and add that to our Exchange 2010? Any idea how? It's the first time I've worked with certificates and ISA, so pardon me for silly questions :) .
Aside from ISA not supporting SAN certificates (which you'll quickly find out after you can find the certificate) and you possibly not exporting the correct format, when importing the proper certificate into ISA's certificate store you need to be sure that you are importing into the correct certificate store. When you run the mmc and add the Certificates snap-in, you will be prompted for which certificate store you would like to manage (My user account, Service account or Computer account). If the ISA FW service is running under the Local Service account, then that is the one you need to be using; otherwise, you will not see the imported certificate when you try to bind it to a Web Listener.
David Melvin Ohio MCSE: Security 2003, MCSA:Security 2003
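The checks described in the answer above (which account the ISA Firewall service runs as, which store the certificate landed in, whether the private key came along, and whether the certificate carries a SAN extension that ISA 2004 will not accept) can be run from one script on the ISA server. The following is an added example written for this thread, not code from any of the posters or from Microsoft; it assumes the Firewall service's internal name is fwsrv ("Microsoft Firewall"), that PowerShell has been installed on the Windows Server 2003 box, and that the session is elevated.

```powershell
# Added example (not from the thread): inventory what the ISA web listener can actually see.
# Assumption: the "Microsoft Firewall" service is registered under the name 'fwsrv'.
$serviceName = 'fwsrv'

# 1. Which account does the Firewall service run as? That decides which certificate store
#    (Computer account vs. Service account) the MMC snap-in must be opened against.
$svc = Get-WmiObject -Class Win32_Service -Filter "Name='$serviceName'"
if ($svc -eq $null) {
    Write-Warning "Service '$serviceName' not found; confirm the name in services.msc"
} else {
    Write-Output ("Firewall service '{0}' runs as: {1}" -f $svc.DisplayName, $svc.StartName)
}

# 2. Describe every certificate in a given store: subject, private key present, SAN present.
#    2.5.29.17 is the X.509 Subject Alternative Name extension OID.
$sanOid = '2.5.29.17'
function Describe-Store([string]$storePath) {
    Write-Output "--- $storePath ---"
    Get-ChildItem $storePath | ForEach-Object {
        $cert = $_
        $san  = $cert.Extensions | Where-Object { $_.Oid.Value -eq $sanOid } | Select-Object -First 1
        New-Object PSObject -Property @{
            Subject       = $cert.Subject
            Thumbprint    = $cert.Thumbprint
            Expires       = $cert.NotAfter
            HasPrivateKey = $cert.HasPrivateKey
            HasSAN        = ($san -ne $null)
            SANValues     = $(if ($san -ne $null) { $san.Format($false) } else { '' })
        }
    } | Format-Table Subject, HasPrivateKey, HasSAN, Expires, Thumbprint -AutoSize
}

# The Computer account's Personal store is where a server certificate must live.
Describe-Store 'Cert:\LocalMachine\My'
# The current user's Personal store is where a certificate ends up when the snap-in
# was opened for "My user account" by mistake; ISA never looks here.
Describe-Store 'Cert:\CurrentUser\My'

# 3. Flag the usual causes of "There are no certificates configured on this server":
#    nothing with a private key in LocalMachine\My, or only SAN certificates there.
$machineCerts = @(Get-ChildItem 'Cert:\LocalMachine\My')
$withKey      = @($machineCerts | Where-Object { $_.HasPrivateKey })
$withoutSan   = @($withKey | Where-Object {
    ($_.Extensions | Where-Object { $_.Oid.Value -eq $sanOid }) -eq $null
})

if ($withKey.Count -eq 0) {
    Write-Warning 'No certificate with a private key in LocalMachine\My: re-export from Exchange as PFX (with private key) and import into the Computer account store.'
} elseif ($withoutSan.Count -eq 0) {
    Write-Warning 'Only SAN certificates have private keys here; ISA 2004 needs a single-name certificate for the listener.'
} else {
    Write-Output ('{0} certificate(s) usable for a web listener.' -f $withoutSan.Count)
}
```

Run it in the same session context the MMC would use; if step 1 reports an account other than Local System or Local Service, open the Certificates snap-in for that service account instead of the Computer account. The PFX re-export in step 3 is the fix for a certificate that shows up in the store but without its private key, which looks identical in the snap-in to a correctly imported one.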