Re: Failure installing SSL certificate on SBS2003PremSP1 (incl. IS



Hi,

I've had a similar problem which started with ActiveSync 4.1 not accepting
my WM5 PDA. I decided to purchase a CA SSL key and replace the self cert on
my SBS 2003 server. This is where the problems have started.

I followed the same route as posted by Alex. Removed the self cert and
requested a CSR. Purchased a third party Cert and installed it on the default
web site. However when I go and run the Internet and Email wizard it won't
accept the 3rd party SSL cert. I imported the cert into the personal section
using the Certificates snap-in. However under ISA 2004 SBS web listener, it
doesn't show up in the SSL list to choose from. What do I need to do?

When I go to https://mail.servername.com/exchange it brings up an error
code: 403 forbidden. Also the security ssl cert still shows up as the self
cert.

I have googled for 3 days looking for a solution or instructions to what
seemed like a common straightforward task. Please help!

Lyj





"Steve Foster [SBS MVP]" wrote:

Alex wrote:

I have spent most of Friday, all Monday and two days previously trying to get
a CA generated SSL cert to import into the ConnectToInternet wizard. It is a
nightmare. All Friday and Monday and two chaps at MS Partner support (in
India I think) have been trying to help.

Basically I generate the certreq.txt as per CtoI wizard help instructions,
send it off to my CA, I get back a .crt file or a .cer file. This will

Which CA?


manually import into IIS6 but never into the CtoI wizard. I also think that
it is critical to get it working through the SBS wizard and not manually in
the IIS wizard because clearly ISA2004 needs some configuring done as well or
even instead of IIS. Basically I think the SBS web listener needs to be
changed, but if I try, my newly manually imported cert does not appear in the
list of available certs to change to so I am stuck.

If the certificate is properly installed in IIS, it should be available to
ISA, since both are working off the same certificate store.

You did complete the IIS certificate request process, right? It knows that
the request is pending, and the import should complete that process.

You can also look at the Certificate store directly, by running MMC, and
adding the Certificates snap-in pointing it to the Local Computer account.
You should find the SBS self-signed certificates, and the IIS imported
real certificate under Personal Certificates.

You can also, if necessary, import the certificate directly from this
snap-in too.

Could someone definitively say whether the Connect To Internet wizard for
SBS2003PremiumSP1/ISA2004 works properly when importing a .cer file back from
my CA, and what kind of .cer file should I be asking for from my CA? Should I
ask for IIS6 compatible or SBS2003 or ISA2004 or something else?
And if, as I suspect, actually the ConnectToInternet wizard does not
correctly deal with ISA2004, could someone tell me what I do next?

The only change in ISA is to associate the two SBS web listeners to the
new external certificate. It's easy enough to do this directly in the ISA
Management MMC.

--
Steve Foster [SBS MVP]
---------------------------------------
MVPs do not work for Microsoft. Please reply only to the newsgroups.
