?
Solved

ISA 2006 Certificate Request for OWA

Posted on 2009-07-15
2
Medium Priority
?
778 Views
Last Modified: 2012-05-07
Afternoon All,

I am attempting to publish An Exchange 2007 CAS server using OWA from an ISA 2006 server.

The Exchange CAS server is using a certificate from a Microsoft CA (Installed on my DC). I generated a certificate request from the CAS server as follows:

[PS] C:\Windows\System32>New-ExchangeCertificate -GenerateRequest -Path c:\storg
_shoreditchtrust_org_uk.csr -KeySize 2048 -SubjectName "c=GB, s=, l=London, o=Th
e Shoreditch Trust, cn=storg.shoreditchtrust.org.uk" -DomainName vmexchcas01, vm
exchcas01.storg.local -PrivateKeyExportable $True

Then this request was sent to my CA through the web interface from the CAS server:
http://dc/certsrv

The resultant key was then imported, and enabled for IIS. The CAS server is now fine.

When logged into the ISA 2006 Server, according to these Figure 8 on these instructions I can request a certificate from the CA and install it to the local machine
http://www.isaserver.org/tutorials/Publishing-Exchange-2007-OWA-Exchange-ActiveSync-RPCHTTP-2006-ISA-Firewall-Part5.html

However, I don't get that option. When requesting a Web Certificate "Mark keys as exportable" is greyed out, and "Store certificate in the local computer certificate store" is not present. Going through this process installs the certificate as the current user, not as the local machine. Dragging and dropping it into Local Machine / Personal from the certificate MMC, means the private key is not listed as OK.

Sorry for what is probably too much info, I wasn't sure what was relevant.

It's entirely possible I havent listed the CA as a trusted Authority for the ISa server, but I'm not quite sure how I do that, and even when It was listed in the "Trusted root certificates" store, the above didn't work. I have now removed all certificates issues by me CA to start again.

Thanks for your efforts in advance.

James
0
Comment
Question by:STSupport
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 8

Accepted Solution

by:
Npatang earned 1500 total points
ID: 24859102
For ISA you don't have to request the CERT again. You can simply export the cert from CAS server with the private key and import teh same in the ISA box .( Copy and paste in the isa).
Once it;s there you simply need to install then in the trusted root.
Once that is done , then in the OWA listener to select the valid cert
0
 

Author Closing Comment

by:STSupport
ID: 31603715
Thank you very much, managed to export the certificate from the CAS server using Export-ExchangeCertificate from the shell, and thin import it into the ISA server.
0

Featured Post

Optimize your web performance

What's in the eBook?
- Full list of reasons for poor performance
- Ultimate measures to speed things up
- Primary web monitoring types
- KPIs you should be monitoring in order to increase your ROI

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Unified and professional email signatures help maintain a consistent company brand image to the outside world. This article shows how to create an email signature in Exchange Server 2010 using a transport rule and how to overcome native limitations …
If you troubleshoot Outlook for clients, you may want to know a bit more about the OST file before doing your next job. IMAP can cause a lot of drama if removed in the accounts without backing up.
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…
Suggested Courses
Course of the Month10 days, 16 hours left to enroll

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question