second ssl certificate on isa 2006 and sbs

I am running sbs 2003 iis 6 behind a ISA 2006 server and I am now trying to publish a second site through the ISA with a ssl certificate.

I have OWA initially setup and working fine through the ISA with a self signed cert but when I try and add the new additional domain certificate I run into problems with the web listeners saying that they are on the same Ip address and Port.
I have tried changing the ssl port but when I open the url in a browser I still get the original ssl cert for the remote outlook and ISA is blocking the url with 12202 the ISA server denied the specified URL. I have added a second IP address to the iis but I cannot work out how to add this to the ISA to split the two certs/domains.

I am on the right track or can I just add the web listeners to use different certificates for the different domains.


Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Glen KnightCommented:
You can specify the certificate that is used on the listener itself.
So when you select the IP address for the listener to use you can also specify the certificate.

Although if both URL's are for the same domain you can avoid any complications by using a wildcard certificate for say *
Keith AlabasterEnterprise ArchitectCommented:
A second IP address on the IIS will not help. You need a second IP on the ISA box - as that is where the listener resides. Once you have that, the Addresses tab ceases to be greyed out on the listener when you select which network to listen on. That option allows you to select an individual ip address.
chrispatonAuthor Commented:
Which nic do I need to add the ip address to on the ISA, internal or external?
I have setup the internal network ip as with the iis server/sbs being
and the Incoming Ip being with default gateway
I only have on Static Ip address coming into the server through our ISP is that a problem?
Newly released Acronis True Image 2019

In announcing the release of the 15th Anniversary Edition of Acronis True Image 2019, the company revealed that its artificial intelligence-based anti-ransomware technology – stopped more than 200,000 ransomware attacks on 150,000 customers last year.

Keith AlabasterEnterprise ArchitectCommented:
Keith AlabasterEnterprise ArchitectCommented:
Yes - you would need a second external (public) ip address.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Glen KnightCommented:
The EXTERNAL interface needs to have another PUBLIC IP address assigned to it.
And the DNS needs to be configured to use this second IP address.
chrispatonAuthor Commented:
It is not possible to get additional public IP addresses to this server at this time so have resolved the issue by moving the application to a separate web server that does not have to go through the ISA and is not affected by any other SSL certs on the server.

It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft Forefront ISA Server

From novice to tech pro — start learning today.