I have a website running on Apache Webserver (Httpd) version 2.2 on a Windows 2003 Server in an anonymous DMZ (followed all suggestions recommended by Tom's books and articles on the subject). The site has been running great for years.
I now want to install a third party (Verisign) certificate. The way I would normally do this in an IIS environment is to import the Verisign certificate into the Security certificate area of the website in IIS Manager. Then I would go through the export process in IIS Manager and export the certificate using a private key. Then I would import the certificate onto the server hosting Forefront TMG. Once installed, I would go to the Listener for the published web server and select the valid certificate.
The Verisign certificate was imported into the Apache server. We then used a command line to export the certificate to a PFX file. On the Forefront TMG server, I launched MMC, added the Certificate snap-in for the local computer, right mouse clicked on "trusted sites" and selected import, and the import was successful. When I go into Forefront TMG and click on my listener to select the certificate, the certificate is not showing up in the list--not even when I uncheck "show only valid certificates". The certificate says it is installed correctly in Windows, but Forefront TMG does not see it.
Charlie, I have been in this situation many times. Importing the certificate into TMG / ISA from an Apache web instance is a little tricky. The reason why TMG is not seeing the certificate is because of the fact that the exported cert (from Apache) is not a COMPLETE certificate. By that I mean you are missing the private key even though you have exported to a PFX file. I use IBM's Key Manager to export the cert from Apache (as a complete certificate file). If you are still looking for answers, please let me know. Regards, Eugene
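One way to check whether a PFX exported from Apache actually carries the private key before it is imported on the TMG server, using the OpenSSL command line. This is an added example, not part of the original posts; the file names, the password `sample` and the subject `www.example.test` are constructed, and the script builds its own throwaway certificate so it runs offline.

```shell
#!/bin/sh
# Added example: does a PKCS#12 (.pfx) file contain a private key?
# All file names, the password and the subject are constructed samples.

# pfx_has_key FILE PASSWORD -> exit status 0 if a private key is inside.
# A wrong password also reports "no key", so confirm the password first.
pfx_has_key() {
    # -nocerts: emit only keys; -nodes: do not re-encrypt the output
    openssl pkcs12 -in "$1" -nocerts -nodes -passin "pass:$2" 2>/dev/null \
        | grep -q 'PRIVATE KEY'
}

# pfx_cert_count FILE PASSWORD -> prints the number of certificates inside
pfx_cert_count() {
    openssl pkcs12 -in "$1" -nokeys -passin "pass:$2" 2>/dev/null \
        | grep -c 'BEGIN CERTIFICATE'
}

# Build a throwaway self-signed pair and export it both ways.
make_samples() {
    dir=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=www.example.test" \
        -keyout "$dir/server.key" -out "$dir/server.crt" 2>/dev/null
    # Certificate only: a well-formed PFX with no key inside
    openssl pkcs12 -export -nokeys -in "$dir/server.crt" \
        -out "$dir/cert-only.pfx" -passout pass:sample
    # Certificate plus its matching private key
    openssl pkcs12 -export -inkey "$dir/server.key" -in "$dir/server.crt" \
        -out "$dir/complete.pfx" -passout pass:sample
}

report() {
    if pfx_has_key "$1" "$2"; then
        echo "$1: private key present, $(pfx_cert_count "$1" "$2") certificate(s)"
    else
        echo "$1: NO private key, $(pfx_cert_count "$1" "$2") certificate(s)"
    fi
}

SAMPLE_DIR=$(mktemp -d)
make_samples "$SAMPLE_DIR"
report "$SAMPLE_DIR/cert-only.pfx" sample
report "$SAMPLE_DIR/complete.pfx" sample
rm -rf "$SAMPLE_DIR"
```

Both sample files have the `.pfx` extension and contain one certificate; only the second one holds a key, which is the difference the file extension alone does not reveal.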