Hi, I've been trying to set up a CA Server to use the OWA web site with SSL. I think I've done all the steps to accomplish this (I even bought Tom Shinder's book Configuring ISA Server 2004), but when I finally want to reach my OWA site it says:
Explanation: There is a problem with the page you are trying to reach and it cannot be displayed.
Technical Information (for support personnel)
• Error Code: 502 Proxy Error. The ISA Server denies the specified Uniform Resource Locator (URL). (12202)
• IP Address: 200.x.x.x
• Date: 5/31/2005 8:10:49 PM
• Server: isaserver.domain.com
• Source: proxy
This error message is often to do with ISA not being able to resolve the IP address of the target server from the FQDN. Can you view the OWA site from ISA Server itself?
If problems are Certificate Related, the commonest error is "The certificate is revoked". This is usually due to CRL checking failures. When you start seeing that, then you know you're on the right track.
It is advisable, when setting up OWA, to ensure that it all works without certificates first, before throwing them into the mix. Try that first. If you want more help on this, you are going to need to post a bit more information about your configuration.
4) I've continued with the pending certificate creation at IIS WEB default folder where I've pasted certsrv.txt file content. After this, the ROOT Enterprise Certificate at CA Server was nicely created.
5) Then I've exported a pbf certificate in order to use it later at ISA importation.
6) Exactly as Tom Shinder's Configuring ISA Server 2004 book says at page 674 (chapter 8) I've imported web certificates into ISA Firewall's Machine Certificate Store.
7) Following the guidelines at the book I've requested a user certificate for ISA Firewall to present to SSL Web Sites.
8) I've allowed all HTTP traffic from ISA Server to all networks (for CRL Download).
9) I've installed the certificate.
10) Then I exported this certificate.
11) And when I want to Create the SSL Web Publishing Rule at the Listener specification section when wanting to define which certificate to use for SSL port 443 it says: "There is no certificates set up on this server".
Ok Tom, these are the settings for Web Publishing rule:
Action
------
. Allow
. Log requests matching this rule

From
----
. Anywhere

To
--
. Server: mail.mydomain.com
. (not checked) Forward the original host header instead of the actual one
. (checked) Requests appear to come from the ISA Server computer

Traffic
-------
. HTTP

Listener
--------
Here's where I cannot select a 443 port listener because when I want to assign a certificate with the Select button it says "There is no certificate configured on this server" (or something like that, I'm translating from an ISA Spanish version).

Public Name
-----------
. Request for the following websites: mail.mydomain.com

Paths
-----
. External Path: same as internal
. Internal Path: /*

Bridging
--------
Web Server (selected)
Redirect to requests to HTTP port: 80 (not selected)
Redirect to requests to HTTP port: 443 (selected)
Use a certificate to authenticate to the SSL Web Server (selected): isafirewall

Users
-----
All Users

Schedule
--------
default settings

Link Translation
----------------
default settings
Additional Note:
1) mail.mydomain.com is an A name which my ISP is using and redirecting towards my ISA Server using the IP.
2) If I don't use certificates OWA works great.
3) FQDN where CA and Exchange Server are installed is madsrv002.mydomain.com. It is not mail.mydomain.com as it is an A record on my ISP.
4) Certificate Server is an Enterprise Root CA.
So, the problem is I cannot set the certificate at the listener.
This is why exactly? Hope this is enough info for you to help me,
Oh, forgot to say that OWA is working from within ISA Server. Not when I'm trying to reach OWA website from within or outside the network. That's why I think this is an ISA Web Publishing problem. What do you think?