Solved

Requesting a Godaddy Cert for TMG 2010 web listener

Posted on 2012-03-26
5
1,300 Views
Last Modified: 2012-06-22
Hello,

Here is the bind I'm in.

We have an exchange 2010 server that sits behind a TMG 2010  server.  

The certificate that we were using on the web listener on the TMG server for owa has expired.

I went ahead and bought a GoDaddy UCC certificate.  

I'm trying to figure out the correct way to request this certificate and get it installed on the web listener.  

Any advice would be greatly appreciated.

Thanks,
0
Comment
Question by:staleek
  • 2
  • 2
5 Comments
 
LVL 4

Assisted Solution

by:pwnbasketz
pwnbasketz earned 250 total points
ID: 37767740
To import the certificate:

http://technet.microsoft.com/en-us/library/cc441505.aspx

I'm not sure if there's a specific folder you have to install them in or not, but ours are in the personal certificates folder.

Then to setup the certificate in TMG 2010, find the firewall policy for owa and:

Right click policy for owa
Go to properties
Click on the 'Listener' tab
In the 'Listener' tab click 'Properties...'
Click the 'Certificates' tab
Click 'Select Certificate...'
Select the cert you imported from above and click 'Select'
Click OK until you're out and that should be it
0
 

Author Comment

by:staleek
ID: 37768064
Thanks for the reply pwnbasketz

I agree that will allow me to import it into the TMG Web listener.

My main issues is getting the certificate for importing.  

From what I'm reading I will need to generate a CRS request so to get the certificate from GoDaddy.  

I don't see a way to do that from the TMG server.  I read that people do it from the exchange 2010 certificate wizard.  Then import that certificate into the exchange server.  

If that is the case am I to export the certificate and then import it into the TMG 2010 server for the web listener to use?
0
 
LVL 3

Accepted Solution

by:
cfletch1980 earned 250 total points
ID: 37768336
Yes from within the Exchange management console select Server Configuration(with that selected you will see a option on far right pane to create a new Exchange certificate request).

Once you have the CSR, you can request the certificate from GoDaddy. then you import the new certificate back within exchange and finally on your web listener on TMG that relate to the exchange services you publishing. Hope that helps
0
 
LVL 4

Expert Comment

by:pwnbasketz
ID: 37768341
That sounds right.  That was my fault on that one (i misread the question).  But yes, you should generate the CSR from the exchange server, then complete the pending request and then export the certificate.  From everything I have read up on this, Forefront just needs the final certificate imported so that it can perform the SSL bridging (which enables it to scan the packets as they come in and then forward to the destination).
0
 

Author Closing Comment

by:staleek
ID: 38007755
Sorry for the delay.
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

"Migrate" an SMTP relay receive connector to a new server using info from an old server.
Disabling the Directory Sync Service Account in Office 365 will stop directory synchronization from working.
In this video we show how to create an Address List in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Organization >> Ad…
In this video, we discuss why the need for additional vertical screen space has become more important in recent years, namely, due to the transition in the marketplace of 4x3 computer screens to 16x9 and 16x10 screens (so-called widescreen format). …

706 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now