RE: Third-party certificate can't be imported?




Hi Doug,

Thanks for posting in our newsgroup.

I am glad to know the problem is resolved. You did a good job.

At some point the CEICW wizard allows you to select a server certificate
and/or gives you the option of importing a trusted certificate. But you are
unable to select the Thawte certificate for some odd reason.

The reason, as it turned out, is that the wizard apparently needs to see
some sign of a pending request in either the default website or in a
surrogate website. So you have to leave it in the pending state to be able
to run the wizard. Or you need to modify the ISA rules manually.

I'd like to give you additional information for your reference:

Windows Small Business Server Technical Library
http://technet2.microsoft.com/WindowsServerSolutions/SBS/en/library/4082d695-2075-4ca0-8af8-99fd04b78b2d1033.mspx?mfr=true

How to install Small Business Server 2003 in an existing Active Directory
domain
http://support.microsoft.com/kb/884453/en-us

How to reset the default virtual directories that are required to provide
Outlook Web Access, Exchange ActiveSync, and Outlook Mobile Access services
in Exchange Server 2003
http://support.microsoft.com/kb/883380

Creating and Deploying Outlook Web Access Themes
http://technet.microsoft.com/en-us/library/9bb177d9-2bbe-4c01-bb21-2f6ce96089a8.aspx

Hope this helps.

If you have any further questions, please don't hesitate to post in our
newsgroup.



Best regards,

Robert Li(MSFT)

Microsoft CSS Online Newsgroup Support

Get Secure! - www.microsoft.com/security

=====================================================

This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx

When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.

Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.

For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

Any input or comments in this thread are highly appreciated.

=====================================================

This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------
<Thread-Topic: Third-party certificate can't be imported?
<From: =?Utf-8?B?RG91ZyBMaXBwaQ==?= <DougLippi@xxxxxxxxxxxxxxxxxxxxxxxxx>
<Subject: RE: Third-party certificate can't be imported?
<Date: Mon, 24 Sep 2007 14:48:02 -0700
<Newsgroups: microsoft.public.windows.server.sbs
<
<Fortunately, I was able to resolve this matter myself. I changed the ISA
<publishing rules so that the To tab listed my public FQDN which matches the
<FQDN on the cert. I then had to put a HOSTS entry for the public FQDN that
<maps to the inside interface.
<
<It would be interesting to see if the CEICW does it this way, but I guess
<I'll never know.
<
<"Doug Lippi" wrote:
<
<> I used the IIS Certificate wizard to create a certificate request to be sent
<> to Thawte. I did the Thawte part and received the certificate from them. I
<> then returned to IIS and installed the certificate. I realize now that this
<> was not the correct way to go for SBS since ISA did not get configured to use
<> the new certificate. So I try to import it using the CEICW it says:
<>
<> "No certificate has been requested for the default Web site in Internet
<> Information Services (IIS).
<> To use a Web server certificate from a trusted authority, you must first
<> create a request for a certificate by using the Web Server Certificate Wizard
<> in IIS. You can then run this wizard again to configure the default Web site
<> to use a trusted authority."
<>
<> So I thought I'd try to edit the ISA firewall rules manually by changing the
<> listeners to use the Thawte certificate instead of the self-signed one used
<> previously. This gets the Welcome to SBS 2003 page to work, but not OWA or
<> RWW (browser returns Error Code 500 Internal Server Error - the Target
<> Principal Name is incorrect). The Paths tab are at /* and /* so I don't know
<> why OWA and RWW do not work.
<>
<> Stuck.
<
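
The consistency check behind the fix described in the quoted post, as an added example that is not part of the original thread: the name on a publishing rule's To tab has to match a name on the certificate, and the HOSTS entry has to map that name to the inside interface. The host names, addresses, network range and the `check_rule` helper are constructed for illustration.

```python
import ipaddress

def parse_hosts(text):
    """Return {hostname: ip} from HOSTS-file text (comments and blank lines ignored)."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2:
            for name in fields[1:]:
                table.setdefault(name.lower(), fields[0])  # keep the first mapping seen
    return table

def name_matches(cert_name, host):
    """Case-insensitive match; a leading '*.' covers exactly one left-most label."""
    cert_name, host = cert_name.lower().rstrip("."), host.lower().rstrip(".")
    if cert_name.startswith("*."):
        return "." in host and host.split(".", 1)[1] == cert_name[2:]
    return cert_name == host

def check_rule(to_name, cert_names, hosts_text, internal_net):
    """Return the list of problems for one publishing rule (empty list = consistent)."""
    problems = []
    if not any(name_matches(n, to_name) for n in cert_names):
        problems.append("To name %r is not on the certificate %r" % (to_name, cert_names))
    ip = parse_hosts(hosts_text).get(to_name.lower())
    if ip is None:
        problems.append("no HOSTS entry for %r" % to_name)
    elif ipaddress.ip_address(ip) not in ipaddress.ip_network(internal_net):
        problems.append("HOSTS maps %r to %s, outside %s" % (to_name, ip, internal_net))
    return problems

# Constructed sample data (not taken from the thread).
CERT_NAMES = ["mail.example.com"]           # subject/SAN names on the third-party cert
HOSTS = """
127.0.0.1      localhost
192.168.16.2   mail.example.com   # inside interface of the server
"""
INTERNAL = "192.168.16.0/24"

if __name__ == "__main__":
    # "sbsserver" stands in for an internal name that is not on the certificate.
    for to_name in ("mail.example.com", "sbsserver"):
        print(to_name, "->", check_rule(to_name, CERT_NAMES, HOSTS, INTERNAL) or "OK")
```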