Solved

How do I export an SSL certificate from a TMG server?

Posted on 2011-09-13
8
528 Views
Last Modified: 2012-05-12
I have a Forefront TMG server that holds the SSL certificate for our Exchange 2010 OWA Server.  I am trying to request a new SSL since this one will expire soon.  I setup a certificates MMC and can see the certificate.  Whenever I try and request a new cert I receive the following "Enrollment error - The request contains no certificate information."

I found some links online that offer assistance, but so far no luck.  How can I get this cert off to get renewed?

Thanks in advance.
0
Comment
Question by:copio
  • 4
  • 2
  • 2
8 Comments
 
LVL 51

Expert Comment

by:Keith Alabaster
Comment Utility
Not the way it is done. Request the new cert from the Exchange system, not the TMG box. When you get the new cert back import into the Exchange/iis server - then export it from Exchange (with the private key) and import to the TMG box. Edit the TMG listener and select the new cert - reboot the TMG.
0
 

Author Comment

by:copio
Comment Utility
Keith, I can't see the OWA cert from the Exchange System.  Am I doing something wrong?
0
 
LVL 49

Expert Comment

by:Akhater
Comment Utility
Open Exchange System Manager -> Server configuration

on the right hand side select your CAS server and look further on your right hand side you have an action to create a new exchange certificate
0
 

Accepted Solution

by:
copio earned 0 total points
Comment Utility
So I resolved it.  Here is what I did.

1.  I installed the IIS Manager role on the TMG Server.
2.  I was then able to create the CSR.
0
6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

 

Author Closing Comment

by:copio
Comment Utility
This is the solution that worked.
0
 
LVL 49

Expert Comment

by:Akhater
Comment Utility
IIS role on tmg is not a good idea since both use port 80 and 443 and it was already pointed out to you that it should be done from Exchange and not from IIS
0
 
LVL 51

Expert Comment

by:Keith Alabaster
Comment Utility
Absolutely mental
0
 

Author Comment

by:copio
Comment Utility
Keith,

I agree with you 110%.  I've done CSR/s in the past.  I'm a consultant and some genius decided to put the OWA SSL on the TMG.  I have no idea how it got there since IIS was not installed on the TMG.  I had to install the ISS MANAGER ONLY - NOT IIS <-- to generate the CSR.  Hopefully it will be placed on the Exchange Server and not the TMG.  Complete messes are usually left for me by all the clients I support.  I tend to find some geniuses out there.  :-p
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

"Migrate" an SMTP relay receive connector to a new server using info from an old server.
Disabling the Directory Sync Service Account in Office 365 will stop directory synchronization from working.
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now