jonmedd
asked on
ISA 2004 Renew CA Certificate
I'm running ISA 2004 Enterprise Edition, 2 servers belonging to one array.
As part of some OWA publishing rules we have a local certificate generated by a stand alone CA which also runs on the first ISA 2004 server.
This certificate belongs to a web listener for one of the rules (local host to Exchange). The certificate is a one year issue, has expired and I cannot see a way to renew it.
Any ideas?
Note: the commercial external based certificate, webmail.companyname.co.uk is fine and doesn't expire for another year.
As part of some OWA publishing rules we have a local certificate generated by a stand alone CA which also runs on the first ISA 2004 server.
This certificate belongs to a web listener for one of the rules (local host to Exchange). The certificate is a one year issue, has expired and I cannot see a way to renew it.
Any ideas?
Note: the commercial external based certificate, webmail.companyname.co.uk is fine and doesn't expire for another year.
ASKER
Thanks for the response.
The front-end Exchange servers don't have the internal certificate on them, they have the external certificate only.
I tried to renew the certificate on the ISA boxes using the method above, but since they are not installed in IIS I was not able to renew them. I tried exporting them to PKCS #7 files and then following the
https://ca_server_name/certsrv renewal process, but it looks like you can't renew that way.
The front-end Exchange servers don't have the internal certificate on them, they have the external certificate only.
I tried to renew the certificate on the ISA boxes using the method above, but since they are not installed in IIS I was not able to renew them. I tried exporting them to PKCS #7 files and then following the
https://ca_server_name/certsrv renewal process, but it looks like you can't renew that way.
OK.
What if you export your public cert & key and import that into ISA itself? As ISA will be masquerading as the true box...... ie it is listening for the true mail server.
Although I only use internal certs I use the same one on both my Exchange and my ISA server.
What if you export your public cert & key and import that into ISA itself? As ISA will be masquerading as the true box...... ie it is listening for the true mail server.
Although I only use internal certs I use the same one on both my Exchange and my ISA server.
ASKER
I'm already using the public cert in ISA. It uses that in one rule then uses the internal cert in another rule.
If you track the connection it fails on the internal rule.
If you track the connection it fails on the internal rule.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Turns out the database was corrupt and the expired certificate just exposed the problem - its was a full rebuild job. Since no one else answered I'm allocating the above the points.
Thats kind of you and thanks :)
https://ca_server_name/certsrv
alternatively, open the IIS service where OWA is running. Open the default web server and select the properties. Find where the cert is installed and from the options there you can create a new request etc.