ISA 2006 Certificate Request for OWA

Afternoon All,

I am attempting to publish An Exchange 2007 CAS server using OWA from an ISA 2006 server.

The Exchange CAS server is using a certificate from a Microsoft CA (Installed on my DC). I generated a certificate request from the CAS server as follows:

[PS] C:\Windows\System32>New-ExchangeCertificate -GenerateRequest -Path c:\storg
_shoreditchtrust_org_uk.csr -KeySize 2048 -SubjectName "c=GB, s=, l=London, o=Th
e Shoreditch Trust, cn=storg.shoreditchtrust.org.uk" -DomainName vmexchcas01, vm
exchcas01.storg.local -PrivateKeyExportable $True

Then this request was sent to my CA through the web interface from the CAS server:
http://dc/certsrv

The resultant key was then imported, and enabled for IIS. The CAS server is now fine.

When logged into the ISA 2006 Server, according to these Figure 8 on these instructions I can request a certificate from the CA and install it to the local machine
http://www.isaserver.org/tutorials/Publishing-Exchange-2007-OWA-Exchange-ActiveSync-RPCHTTP-2006-ISA-Firewall-Part5.html

However, I don't get that option. When requesting a Web Certificate "Mark keys as exportable" is greyed out, and "Store certificate in the local computer certificate store" is not present. Going through this process installs the certificate as the current user, not as the local machine. Dragging and dropping it into Local Machine / Personal from the certificate MMC, means the private key is not listed as OK.

Sorry for what is probably too much info, I wasn't sure what was relevant.

It's entirely possible I havent listed the CA as a trusted Authority for the ISa server, but I'm not quite sure how I do that, and even when It was listed in the "Trusted root certificates" store, the above didn't work. I have now removed all certificates issues by me CA to start again.

Thanks for your efforts in advance.

James
STSupportAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

NpatangCommented:
For ISA you don't have to request the CERT again. You can simply export the cert from CAS server with the private key and import teh same in the ISA box .( Copy and paste in the isa).
Once it;s there you simply need to install then in the trusted root.
Once that is done , then in the OWA listener to select the valid cert
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
STSupportAuthor Commented:
Thank you very much, managed to export the certificate from the CAS server using Export-ExchangeCertificate from the shell, and thin import it into the ISA server.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange

From novice to tech pro — start learning today.