SBS2003 r2 Prem. Problems after installing SSL Certificate with RWW and OWA and ....

Need some guidance please correcting the following.
First I have an sbs2003 R2 Premium box with isa 2004.
I pop my mail and via pop3 connector using address mail.domain.com.au (although will change to smtp after resolving this, one step at a time please) and host my website externally at my isp www.domain.com.au Further to that I have a dns entry (external) office.domain.com.au which points to my ip address (adsl router).
As such I can get rww and owa until now. I was previously using a self signed cert called publishing.domain.com.au
Furthermore I can no longer access my website or pop my mail.

So this is what we did.
1. Today (with assistance) I used isa to request a certificate and subsequently purchased a Trustico SSL
2. Imported the cert via isa
3. Created a new zone in my local dns of domain.com.au (I already have a domain.local)
4. Created a new A record in that zone office.domain.com.au and pointed it to my internal ip address

This meant that https:\\office.domain.com.au/remote and https:\\office.domain.com.au/exchange resolves now both externally and internally with a cert. BUT now I cannot access my website or exchange pop my mail as obviously these no longer resolve from my lan
Further to this when I rerun the ICIEW wizard it populates my isa rules with publishing.domain.com.au and subsequently I have to manually change this back to office.domain.com.au to get owa and rww working again.

Now where I think we went wrong is not using ICIEW to import the SSL in the first instance.
If I had done this would I have needed to add a new dns zone just to get office.domain.com.au to resolve. Internal resolution is not important, external is?

If I read the article http://technet.microsoft.com/en-us/library/cc949119(printer).aspx it suggests that I used isa to create the cert (which I did) and ICIEW to import. My theory was to run the ICIEW again and import the ssl cert but because I have already done this using isa without the wizard I cannot proceed.

Now I am not sure that if I place another certificate request using isa that I will lose the cert I have purchased. (I am getting over my head here) because was it not the original cert request that I cut and pasted when purchasing earlier today. Or can I just remove via isa the purchased ssl, create a new request and then import the certificate again.

Any clarification on this would be appreciated. If anyone knows the answer I know here is the place to find it.
Thanks
Philip
 
PhilipManagerAsked:
 
Philip Elder, Technical Architect - HA/Compute/Storage, Commented:
This is the proper method:

http://blog.mpecsinc.ca/2008/08/sbs-2k3-premium-configuring-ssl.html

publishing is the internal facing certificate that gets created. Please reverse everything you have done and follow the above guidance. Don't worry about the wildcard as they are the same.

Philip
0
 
PhilipManagerAuthor Commented:
Thanks for the input. At least now I know where the follow-up article is, but can I confirm: does this mean that I will be required to purchase another ssl cert?
Remembering I purchased one yesterday using my original certificate request?
Thanks
0
 
Philip Elder, Technical Architect - HA/Compute/Storage, Commented:
You use the procedure to import via the secondary IIS site (if you created the CSR there), then into the cert store on SBS for ISA, then bind to your Web listeners in ISA (Companyweb and RWW).

Philip
0
 
PhilipManagerAuthor Commented:
Thanks again Philip, I will try these procedures from start to finish over the weekend, scrap the original ssl cert that I purchased as this was generated via the default website and not via the "secondary" one as described in http://technet.microsoft.com/en-us/library/cc949119(printer).aspx

So hopefully I will close this post and award points then.
One last question before I do though.

In ISA when I select directory security and assign an existing certificate I have about 12 entries.
How can I clear these all out ?
Thanks
0
 
Philip Elder, Technical Architect - HA/Compute/Storage, Commented:
On the server itself you start MMC and add the certificate management snap-in. You can clean them out of the personal store.

Philip
0
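
A read-only way to review the entries in the personal store before removing any of them in the snap-in, given here as an added example that is not part of the original thread. It assumes Windows PowerShell 2.0 or later is installed on the server; office.domain.com.au is the published name taken from the question.

```powershell
# Added example: read-only inventory of the computer's Personal store.
# Nothing is deleted; the output is only a review list for the MMC cleanup.
# Assumption: Windows PowerShell 2.0 or later is available on the server.

$publishedName = 'office.domain.com.au'   # name from the question; adjust as needed
$now = Get-Date

Get-ChildItem Cert:\LocalMachine\My | ForEach-Object {
    $notes = @()

    # A certificate without a private key cannot be bound to a web listener.
    if (-not $_.HasPrivateKey)    { $notes += 'no private key' }

    # Expired certificates are usually safe candidates for review.
    if ($_.NotAfter -lt $now)     { $notes += 'expired' }

    # Subject equal to issuer means the certificate is self-signed.
    if ($_.Subject -eq $_.Issuer) { $notes += 'self-signed' }

    # Mark entries issued for the externally published name.
    if ($_.Subject -like "*CN=$publishedName*") { $notes += 'matches published name' }

    New-Object PSObject -Property @{
        Subject    = $_.Subject
        Issuer     = $_.Issuer
        NotAfter   = $_.NotAfter
        Thumbprint = $_.Thumbprint
        Notes      = ($notes -join ', ')
    }
} | Sort-Object Subject, NotAfter |
    Format-Table Subject, Issuer, NotAfter, Thumbprint, Notes -AutoSize -Wrap
```

Compare the thumbprint of the certificate bound to the ISA Web listeners against this list before deleting anything, so the one in use is not removed.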
 
PhilipManagerAuthor Commented:
Thanks and sorry didn't close earlier.
0
Question has a verified solution.