Publishing OWA (Exchange 2010) with ISA 2004 over SSL (Full Version)

All Forums >> [ISA Server 2004 General ] >> Server Publishing



Message


hostethomas -> Publishing OWA (Exchange 2010) with ISA 2004 over SSL (6.Jan.2010 5:31:35 PM)

Hello,

I've been searching the Internet for hours, but I can't find the reason why this is not working at all:
I have a Windows 2008 RC2 64bit Exchange 2010 Server and a...
Windows 2003 SP2 ISA 2004 (SP2) firewall

I want to publish the OWA (on the Exchange 2010 server) over SSL. No problems on the inside but...when I try to create a web listener on my ISA 2004, it tells me "there is no certificate". I've tried all kinds of methods to export and import the certificate of my Exchange 2010...nothing works, the ISA 2004 doesn't recognise my certificate. When I check the installed certificateds (with mmc --> certificate manager), I find the certificate of my Exchange 2010. I've copied it everywhere...

My question: could there be a incompatibility between Windows 2008 RC2 certificates and Windows 2003 ISA 2004?

Thanks so much for your answer and maybe for a solution,

Greetings,

Thomas Hoste




Jason Jones -> RE: Publishing OWA (Exchange 2010) with ISA 2004 over SSL (6.Jan.2010 8:26:55 PM)

Hi Thomas,

How did you issue the certificates, from an internal CA or from a public CA?

ISA Server 2004 doesn't support SAN certificates, so this may be your issue...

http://blogs.technet.com/isablog/archive/2007/08/29/certificates-with-multiple-san-entries-may-break-isa-server-web-publishing.aspx

Cheers

JJ




hostethomas -> RE: Publishing OWA (Exchange 2010) with ISA 2004 over SSL (7.Jan.2010 5:40:34 AM)

Hello JJ,

First of all, thanks a lot for answering that quickly!
I've read the artikel you've send to me, but I don't think that's our problem...
Right now, I'm at work again and I can tell you the exact message on our ISA.  When I try to create a web listener for SSL, the ISA 2004 tells me (on hitting the button "select"): "There are no certificates configured on this server". 

And to answer your question: the issue comes from a internal CA (it is generated automatically (?) by our Exchange 2010).  Maybe I have to create a new certificate and add that to our Exchange 2010?  Any idea how?  It's the first time I work with certificates and ISA, so pardon me for silly questions :) . 

Thanks for your reply and help,

Greetings,

Thomas




paulo.oliveira -> RE: Publishing OWA (Exchange 2010) with ISA 2004 over SSL (7.Jan.2010 7:10:16 AM)

Hi,

check this article for troubleshooting certificates on ISA: http://www.isaserver.org/tutorials/Implementing-Troubleshooting-Certificate-Deployment-ISA-Server-2006.html


and this one for how to publish Exchange 2010 on ISA 2006 SP1. Even though, you´re using ISA 2004, this may help either:
http://msexchangeteam.com/archive/2009/12/17/453625.aspx

Regards,
Paulo Oliveira.




Rotorblade -> RE: Publishing OWA (Exchange 2010) with ISA 2004 over SSL (7.Jan.2010 9:18:05 AM)

Aside from ISA not supporting SAN certificates (which you’ll quickly find out after you can find the certificate) and you possibly not exporting the correct format; when importing the proper certificate into ISA’s certificate store, you need to be sure that you are importing into the correct certificate store. When you run the mmc and add the Certificates snap-in; you will be prompted to which certificate store would like to manage. (My user account, Service  account and Computer account) If  the ISA FW service is running under the Local Service account, then that is the one you need to be using; otherwise, you will not see the imported certificate when you try to bind it to a Web Listener.

HTH

RB  




Page: [1]