ISA 2004 Renew CA Certificate

I'm running ISA 2004 Enterprise Edition, 2 servers belonging to one array.

As part of some OWA publishing rules we have a local certificate generated by a standalone CA which also runs on the first ISA 2004 server.

This certificate belongs to a web listener for one of the rules (local host to Exchange). The certificate is a one year issue, has expired and I cannot see a way to renew it.

Any ideas?

Note: the commercial external based certificate, webmail.companyname.co.uk is fine and doesn't expire for another year.
jonmedd Asked:

Keith Alabaster (Enterprise Architect) Commented:
Generally, you'd open the internal CA you got the certificate from through the web browser on which you want the cert installed (the OWA server) and ask for a renewal or generate a new cert:

https://ca_server_name/certsrv

Alternatively, open the IIS service where OWA is running. Open the default web server and select the properties. Find where the cert is installed and from the options there you can create a new request etc.

jonmedd (Author) Commented:
Thanks for the response.

The front-end Exchange servers don't have the internal certificate on them, they have the external certificate only.

I tried to renew the certificate on the ISA boxes using the method above, but since they are not installed in IIS I was not able to renew them. I tried exporting them to PKCS #7 files and then following the https://ca_server_name/certsrv renewal process, but it looks like you can't renew that way.
Keith Alabaster (Enterprise Architect) Commented:
OK.

What if you export your public cert & key and import that into ISA itself? As ISA will be masquerading as the true box... i.e. it is listening for the true mail server.

Although I only use internal certs I use the same one on both my Exchange and my ISA server.

jonmedd (Author) Commented:
I'm already using the public cert in ISA. It uses that in one rule then uses the internal cert in another rule.

If you track the connection it fails on the internal rule.
Keith Alabaster (Enterprise Architect) Commented:
OK, not normally slow on the uptake but I am obviously being dense.
As a quick win, amend the publishing rule/listener so that you accept SSL onto the ISA server then bridge with HTTP to the OWA box. That will at least let OWA stop giving horrible messages and you are still over an SSL tunnel to the ISA box.

Can we now go over again what certificate is from where and installed on what? I am missing something in the picture I have.

jonmedd (Author) Commented:
Turns out the database was corrupt and the expired certificate just exposed the problem - it was a full rebuild job. Since no one else answered I'm allocating the above the points.
Keith Alabaster (Enterprise Architect) Commented:
That's kind of you and thanks :)