ActiveSync & OWA failing with SSL error even though I got the SSL cert from DigiCert, using Forefront TMG with Exchange 2010

Hi all,

I can't get ActiveSync or OWA working, as I get a certificate error.

OWA lets me log in, then I get "page can't be displayed": "the certificate chain was issued by an authority that is not trusted (-2146892019)".

For my SSL certificate I have:
mail.mydomain.org
autodiscover.mydomain.org
CH-EX.internaldomain.local
CH-EX

I created the certificate request in Exchange, completed it, then imported it on Exchange.
I then exported it through the Exchange MMC certificates snap-in and imported it onto the TMG server.

I also downloaded all my intermediate and root certs and added them via the Certificates MMC; still nothing.

Can anyone help me find out what's gone wrong here?
Thanks
Testing Exchange ActiveSync
  Exchange ActiveSync test Failed

  Test Steps

  Attempting to resolve the host name mail.mydomain.org in DNS.
    Host successfully resolved

    Additional Details
      IP(s) returned: xxx.xxx.xxx.xxx
  Testing TCP Port 443 on host mail.domain.org to ensure it is listening and open.
    The port was opened successfully.
  Testing SSL Certificate for validity.
    The SSL Certificate failed one or more certificate validation checks.

    Test Steps

    Validating certificate name
      Successfully validated the certificate name

      Additional Details
        Found hostname mail.mydomain.org in Certificate Subject Common name
    Validating certificate trust for Windows Mobile Devices
      Certificate trust validation failed

      Additional Details
        The certificate chain did not end in a trusted root. Root = CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US

awilderbeastAsked:
AkhaterCommented:
What kind of certificate is it? A third-party one?

When you go to MMC Certificates / Computer / Local store and check the certificate you have imported, does it have a private key?

If you go to the last tab, can you go back to the root certificate?
0
AkhaterCommented:
I just noticed you specified a DigiCert certificate. Are you sure you imported it into the computer certificate store, not the user one?
0
awilderbeastAuthor Commented:
3rd-party cert from DigiCert.

The DigiCert certificates don't have private keys; the mydomain.org cert has private keys on both the Exchange and the TMG.

I have installed them on the local computer, yes, not the user.

I went to Exchange, opened MMC and exported the certificate including all certificates in the path.
Then I imported it on the TMG server; see screen 1. Screen 2 says I don't have the private keys for the DigiCert stuff. Do I need them? Is that why it's untrusted?

cert1.PNG
cert2.PNG
0
AkhaterCommented:
The intermediate certificates look like they are in the Personal certificate store; they should be in the Intermediate Certification Authorities store.
0
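An added check for the store-placement problem Akhater describes (this script is not from the thread; the published name is taken from the question, and the store rules it applies are standard Windows behaviour). Run it in an elevated PowerShell on the TMG server:

```powershell
# Added example, not from the thread: audit the LocalMachine certificate stores for the
# mistake discussed above. $PublishedName comes from the question; change it for your site.
$PublishedName = 'mail.mydomain.org'

# 1. The server certificate belongs in Personal (My) and must carry its private key.
$leaf = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -match "CN=$([regex]::Escape($PublishedName))(,|$)" } |
    Sort-Object NotAfter -Descending | Select-Object -First 1
if (-not $leaf) { throw "No certificate for $PublishedName in LocalMachine\My" }
if (-not $leaf.HasPrivateKey) { throw "$($leaf.Thumbprint) has no private key; re-export from Exchange as .pfx" }

# 2. CA certificates that landed in Personal (what the import wizard did in this thread)
#    are flagged with the store they should be moved to: self-signed -> Root, else -> CA.
foreach ($cert in Get-ChildItem Cert:\LocalMachine\My) {
    if ($cert.Thumbprint -eq $leaf.Thumbprint) { continue }
    $bc = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.19' }   # Basic Constraints
    if ($bc -and $bc.CertificateAuthority) {
        $target = if ($cert.Subject -eq $cert.Issuer) { 'Root' } else { 'CA' }
        Write-Warning "'$($cert.Subject)' is in LocalMachine\My but belongs in LocalMachine\$target"
    }
}

# 3. Build the chain from the local stores the way Schannel does. An UntrustedRoot or
#    PartialChain status here is what OWA reports as -2146893019 (SEC_E_UNTRUSTED_ROOT).
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chain.ChainPolicy.RevocationMode = [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
$trusted = $chain.Build($leaf)
foreach ($el in $chain.ChainElements) {
    $status = if ($el.ChainElementStatus) { ($el.ChainElementStatus | ForEach-Object { $_.Status }) -join ',' } else { 'OK' }
    '{0,-24} {1}' -f $status, $el.Certificate.Subject
}
if ($trusted) { 'Chain builds to a trusted root.' }
else { $chain.ChainStatus | ForEach-Object { Write-Warning "$($_.Status): $($_.StatusInformation.Trim())" } }
```

After moving the intermediates to LocalMachine\CA and the DigiCert root to LocalMachine\Root, re-run it; as the thread later notes, TMG may also need a reboot before it picks up the corrected stores.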
awilderbeastAuthor Commented:
OK, I looked on the Exchange server and looked at where all the certs were. I then did an export of my cert as .pfx, including private keys and extended properties, and included all certs with it.

Then I imported it on the firewall and let the wizard choose where to place the certificates.
I then compared the Exchange MMC to the TMG MMC and there were still some differences: on the TMG there wasn't a certificate in Third-Party Trusted Root, and there was only 1 cert in Intermediate as opposed to 2 on the Exchange.

So I exported them and imported them into the TMG, went to https://mydomain.org/owa, and the login page appears saying it's secure, but when I put in credentials and log in I get:

page cannot be displayed
Error Code: 500 Internal Server Error. The certificate chain was issued by an authority that is not trusted. (-2146893019)

What else could I have done wrong?

Thanks
0
awilderbeastAuthor Commented:
I got in touch with my SSL provider... all I had to do was reboot the machines! Haha
0
awilderbeastAuthor Commented:
I also had to get the certs in the right place, which I did beforehand.

Your comment about moving them to the Intermediate store helped.
0