Re: Failure installing SSL certificate on SBS2003PremSP1 (incl. ISA200

Tech-Archive recommends: Fix windows errors by optimizing your registry

Alex wrote:

I have spent most of Friday, all Monday and two days previously trying to get
a CA generated SSL cert to import into the ConnectToInternet wizard. It is a
nightmare. All Friday and Monday and two chaps at MS Partnet support (in
India I think) have been trying to help.

Basically I generate the certreq.txt as per CtoI wizard help instructions,
send it off to my CA, I get back a .crt file or a .cer file. This will

Which CA?


manually import into IIS6 but never into the CtoI wizard. I also think that
it is critical to get it working through the SBS wizard and not manually in
the IIS wizard because clearly ISA2004 needs some configuring done as well or
even instead of IIS. Basically I think the SBS web listener needs to be
changed, but if I try, my newly manually imported cert does not appear in the
list of available certs to change to so I am stuck.

If the certificate is properly installed in IIS, it should be available to ISA, since both are working off the same certificate store.

You did complete the IIS certificate request process, right? It knows that the request is pending, and the import should complete that process.

You can also look at the Certificate store directly, by running MMC, and adding the Certificates snap-in pointing it to the Local Computer account. You should find the SBS self-signed certificates, and the IIS imported real certificate under Personal Certificates.

You can also, if necessary, import the certificate directly from this snap-in too.

Could someone definitively say whether the Connect To Internet wizard for
SBS2003PremiumSP1/ISA2004 works properly when importing a .cer file back from
my CA, and what kind of .cer file should I be asking for from my CA? Should I
ask for IIS6 compatible or SBS2003 or ISA2004 or something else?
And if, as I suspect, actually the ConnectToInternet wizard does not
correctly deal with ISA2004, could someone tell me what I do next?

The only change in ISA is to associate the two SBS web listeners to the new external certificate. It's easy enough to do this directly in the ISA Management MMC.

--
Steve Foster [SBS MVP]
---------------------------------------
MVPs do not work for Microsoft. Please reply only to the newsgroups.
.

Relevant Pages

  • RE: Activesync + OWA + SSL Cert key
    ... "no certificate has been requested for the default site in IIS. ... Am I right that the steps I should take is, go through the WSC wizard to ... the wsc wizard on the default website I should run the Internet and Email ... install the certificate on the Windows SBS server. ...
    (microsoft.public.windows.server.sbs)
  • RE: SSL for Exchange stops WSUS
    ... Do you use a commercial certificate that was bought from third party ... When we run the CEICW wizard and choose create a new web server certificate ... This newsgroup only focuses on SBS technical issues. ...
    (microsoft.public.windows.server.sbs)
  • Re: Exchange public folder admin, OWA and SSL
    ... DONT follow the 3rd party's instructions for installing certificate on IIS.. ... Run the CEICW ("connect to the internet" wizard) and use this to add the ...
    (microsoft.public.windows.server.sbs)
  • RE: SBS 2k3 CA - How can I issue a *.ourdomain.com certificate ?
    ... the CEICW Wizard will configure the RRAS component to be the basic firewall. ... I.How many NIC are installed on the SBS 2003 server box? ... On the Web Server Certificate page shows. ...
    (microsoft.public.windows.server.sbs)
  • RE: Activesync + OWA + SSL Cert key
    ... cert is not accepted by the IIS cert wizard: ... the root cause should be the .cer certificate. ...
    (microsoft.public.windows.server.sbs)