• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 901
  • Last Modified:

add a new SSL certificate to ISA 2006

Hi,

We have added the new SSL certificate to IIS on our public Win2k3 IIS server (inside ou=r network), but it also needs to be added to ISA.

We will need to add these to all listeners with a *.xyz.edu domain name on our ISA server (e.g. alumni.xyz.edu, www.xyz.edu, abc.xyz.edu, etc.)

We have used 3rd party's certificate service (we don't have our own PKI and Root CA service), I would like to know the followings:

1.) What are the procedures to add the new certificate to all listeners with a *.xyz.edu domain name on our ISA server?
2.) What's the risk if something goes wrong?
3.) How to roll it back to the current existing certificate.

I have to be extremely careful as its impact is enormous (we are talking about public web server here).

Any information and help would be much appreciated.

Thanks in advance.

Regards

John

 

0
mbsadmin1
Asked:
mbsadmin1
  • 2
1 Solution
 
Shreedhar EtteCommented:
Hi,

Refer this article:
http://www.isaserver.org/articles/exportsslcert.html

Hope this helps,
Shree
0
 
mbsadmin1Author Commented:
Hi shreedhar,

thanks for your info. but i think the url you gave me is referring to ISA2004. Are the same procedures for  ISA 2004 &2006?

Cheers

John
0
 
simonlimonCommented:
First import the new certificate in the machine store on the is server, replace the certificate on the listener and that should be it. You also have to import the root cert to the is, if it is not already there.

0
 
mbsadmin1Author Commented:
Hi Shreedhar,

I think your info is more relevant to the question , even though it's not 100% accurate.

Thanks.

Regards

John
0

Featured Post

What Security Threats Are We Predicting for 2018?

Cryptocurrency, IoT botnets, MFA, and more! Hackers are already planning their next big attacks for 2018. Learn what you might face, and how to defend against it with our 2018 security predictions.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now