• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 5188
  • Last Modified:

ISA 2006 - SSL Certificates showing as INVALID, but they are valid.

ISA 2006, Have imported valid, external SSL certificates into personal store of ISA server.  When pointing to them in ISA Listner, it is showing the certificate as "INVALID".   But, I have checked the certificate in MMC Certificates, and it is valid.
I have just downloaded a new SSL certificate from RapidSSL, and got the exact same issue.  

1 Solution
is it type "server certificate"?
drakbaAuthor Commented:
It is a Web SSL cert created from a cert request in the companion IIS server.
So did you requested the SSL certificate with IIS on your Exchange server?  If not how did you do this?  If you did you will want to install that Cert on the Exchange Server and then export it out and install in on the ISA server.

You may want to download the Root certificate from RapidSSL and install it in your Trusted Root Certificates.
It look like thier Root Certificate is here...

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

I am sorry, you never said Exchange you are just doing an IIS site.  You will want to export the Cert from the IIS site if you have not already done that and not use the one you download from RapidSSL form ISA.  (That has been my experience)
Keith AlabasterEnterprise ArchitectCommented:
First question, what are you publishing? Is this a direct connected service such as Sharepoint or a bridged item such as OWA?

If its bridged for owa, can you connect internally to the https://server/exchange url successfully and get a valid cert screen?
drakbaAuthor Commented:
Ok, here is the deal.  

I took the certificate sent to me from RapidSSL, and imported it directly in to the ISA server.  That was the problem.  It did not get the private key from the IIS server.

I had to go into the IIS server, and export the cert. to a file (that included the private key), and import it that way into the ISA server, and BINGO, valid cert!
Thank you Dbaks1000!
I joined this site to find a solution to this issue.  It was not here.  I'm sure that isn't the case 100% of the time, but thought I'd share what fixed the problem I was having...

You will receive this error if you are using enterprise edition, have an array of servers, and have not imported the certificate to all members of the array.  Until you do, it will show as invalid.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now