STSupport
asked on
ISA 2006 Certificate Request for OWA
Afternoon All,
I am attempting to publish An Exchange 2007 CAS server using OWA from an ISA 2006 server.
The Exchange CAS server is using a certificate from a Microsoft CA (Installed on my DC). I generated a certificate request from the CAS server as follows:
[PS] C:\Windows\System32>New-Ex changeCert ificate -GenerateRequest -Path c:\storg
_shoreditchtrust_org_uk.cs r -KeySize 2048 -SubjectName "c=GB, s=, l=London, o=Th
e Shoreditch Trust, cn=storg.shoreditchtrust.o rg.uk" -DomainName vmexchcas01, vm
exchcas01.storg.local -PrivateKeyExportable $True
Then this request was sent to my CA through the web interface from the CAS server:
http://dc/certsrv
The resultant key was then imported, and enabled for IIS. The CAS server is now fine.
When logged into the ISA 2006 Server, according to these Figure 8 on these instructions I can request a certificate from the CA and install it to the local machine
http://www.isaserver.org/tutorials/Publishing-Exchange-2007-OWA-Exchange-ActiveSync-RPCHTTP-2006-ISA-Firewall-Part5.html
However, I don't get that option. When requesting a Web Certificate "Mark keys as exportable" is greyed out, and "Store certificate in the local computer certificate store" is not present. Going through this process installs the certificate as the current user, not as the local machine. Dragging and dropping it into Local Machine / Personal from the certificate MMC, means the private key is not listed as OK.
Sorry for what is probably too much info, I wasn't sure what was relevant.
It's entirely possible I havent listed the CA as a trusted Authority for the ISa server, but I'm not quite sure how I do that, and even when It was listed in the "Trusted root certificates" store, the above didn't work. I have now removed all certificates issues by me CA to start again.
Thanks for your efforts in advance.
James
I am attempting to publish An Exchange 2007 CAS server using OWA from an ISA 2006 server.
The Exchange CAS server is using a certificate from a Microsoft CA (Installed on my DC). I generated a certificate request from the CAS server as follows:
[PS] C:\Windows\System32>New-Ex
_shoreditchtrust_org_uk.cs
e Shoreditch Trust, cn=storg.shoreditchtrust.o
exchcas01.storg.local -PrivateKeyExportable $True
Then this request was sent to my CA through the web interface from the CAS server:
http://dc/certsrv
The resultant key was then imported, and enabled for IIS. The CAS server is now fine.
When logged into the ISA 2006 Server, according to these Figure 8 on these instructions I can request a certificate from the CA and install it to the local machine
http://www.isaserver.org/tutorials/Publishing-Exchange-2007-OWA-Exchange-ActiveSync-RPCHTTP-2006-ISA-Firewall-Part5.html
However, I don't get that option. When requesting a Web Certificate "Mark keys as exportable" is greyed out, and "Store certificate in the local computer certificate store" is not present. Going through this process installs the certificate as the current user, not as the local machine. Dragging and dropping it into Local Machine / Personal from the certificate MMC, means the private key is not listed as OK.
Sorry for what is probably too much info, I wasn't sure what was relevant.
It's entirely possible I havent listed the CA as a trusted Authority for the ISa server, but I'm not quite sure how I do that, and even when It was listed in the "Trusted root certificates" store, the above didn't work. I have now removed all certificates issues by me CA to start again.
Thanks for your efforts in advance.
James
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER