copio

How do I export an SSL certificate from a TMG server?

I have a Forefront TMG server that holds the SSL certificate for our Exchange 2010 OWA Server. I am trying to request a new SSL since this one will expire soon. I set up a Certificates MMC and can see the certificate. Whenever I try to request a new cert I receive the following: "Enrollment error - The request contains no certificate information."

I found some links online that offer assistance, but so far no luck.  How can I get this cert off to get renewed?

Thanks in advance.
Keith Alabaster

Not the way it is done. Request the new cert from the Exchange system, not the TMG box. When you get the new cert back, import it into the Exchange/IIS server - then export it from Exchange (with the private key) and import it to the TMG box. Edit the TMG listener and select the new cert - reboot the TMG.
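
The sequence described in the answer above, as an added example for the Exchange Management Shell on Exchange 2010 (not part of the original thread). The host names and the working folder are placeholders, and the steps are run one at a time as the renewal progresses, not as a single script.

```powershell
# Added example. Host names and paths are placeholders, not values from the thread.
$fqdn = 'mail.example.com'      # placeholder OWA host name
$work = 'C:\CertWork'           # placeholder folder; restrict its ACL to administrators

# 1. Generate the CSR on the Exchange CAS, not on TMG. The key must be marked
#    exportable, otherwise it cannot be moved to the TMG listener later.
$csr = New-ExchangeCertificate -GenerateRequest `
    -SubjectName "CN=$fqdn" `
    -DomainName $fqdn, 'autodiscover.example.com' `
    -KeySize 2048 -PrivateKeyExportable $true
Set-Content -Path "$work\owa.req" -Value $csr

# 2. When the CA returns the certificate, complete the pending request on the
#    same server (the private key lives there) and bind the certificate to IIS.
$issued = Import-ExchangeCertificate -FileData `
    ([Byte[]]$(Get-Content -Path "$work\owa.cer" -Encoding Byte -ReadCount 0))
Enable-ExchangeCertificate -Thumbprint $issued.Thumbprint -Services IIS

# 3. Export certificate plus private key as a password-protected PFX.
#    Read-Host -AsSecureString keeps the password out of the command history.
$pfxPassword = Read-Host -Prompt 'PFX password' -AsSecureString
$pfx = Export-ExchangeCertificate -Thumbprint $issued.Thumbprint `
    -BinaryEncoded:$true -Password $pfxPassword
Set-Content -Path "$work\owa.pfx" -Value $pfx.FileData -Encoding Byte

# 4. On the TMG server, from an elevated prompt, import the PFX into the
#    Local Computer store, then select it on the web listener:
#      certutil -importPFX C:\CertWork\owa.pfx

# 5. Run only after the TMG listener is serving the new certificate:
#    the PFX contains the private key and should not be left on disk.
Remove-Item -Path "$work\owa.pfx"
```

The same cleanup applies to the copy of the PFX on the TMG server once the import has succeeded.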

ASKER

Keith, I can't see the OWA cert from the Exchange System.  Am I doing something wrong?
Open Exchange System Manager -> Server configuration

On the right-hand side, select your CAS server. Further to the right you have an action to create a new Exchange certificate.
ASKER CERTIFIED SOLUTION
copio

ASKER

This is the solution that worked.
IIS role on TMG is not a good idea since both use port 80 and 443, and it was already pointed out to you that it should be done from Exchange and not from IIS.
Absolutely mental

ASKER

Keith,

I agree with you 110%. I've done CSRs in the past. I'm a consultant and some genius decided to put the OWA SSL on the TMG. I have no idea how it got there since IIS was not installed on the TMG. I had to install the IIS MANAGER ONLY - NOT IIS <-- to generate the CSR. Hopefully it will be placed on the Exchange Server and not the TMG. Complete messes are usually left for me by all the clients I support. I tend to find some geniuses out there. :-p