How to use webserver certificate issued by windows 2008 ca for isa 2006 owa listener?

a. How did you create the certificate request?
b. Is the root certificate trusted by the ISA Server and your exchange server?

a, Requested via CA Web Interface
b, root certificate is trusted

So far I found a solution that keeps my ISA listeners running, but it is not the final solution. I installed a sub-CA which is a windows 2003 server and those certificates are working fine with the isa listeners again. But the problem with 2008-issued certificates is persistent.

Do you have all the updates installed on the ISA Server? IIRC there were some changes made to ISA regarding certificates in SP1 (I am still looking for the link).

Latest patches completely applied.

Can you open the offending certificate using Explorer (just double click) and post a screenshot?

A hotfix addressing this issues is now available from Microsoft - http://support.microsoft.com/kb/948963/

Regards,
Raj

I would consider my final comment as valid answer unless NetPro70 objects.

Thanks,
Raj

Only comment there raj is that the article was for Windows 2003 issues whereas the user has 2003 working OK, and the issue is with the 2008 version unless I am reading it incorrectly.

I assume the ISA Server is running on-top of Windows 2003 which doesn't support the AES chiper suit used by Server 2008 CA. The hotfix I linked will resolve this issue.

See link for more details - http://blogs.technet.com/isablog/archive/2009/05/23/fun-with-isa-server-and-aes-cipher-suites.aspx

Thanks,
Raj