RE: Generating a certificate request for OWA

  • From: "Wayne Berry" <wayne@xxxxxxxxxx>
  • To: "'[ISAserver.org Discussion List]'" <isalist@xxxxxxxxxxxxx>
  • Date: Wed, 2 Feb 2005 21:07:40 -0800

This is the article:

 

http://www.isaserver.org/articles/2004owapub.html

 

By Thomas W Shinder M.D.

 

So I guess its' Tom's article, this section:

 

16) Click the Select button. In the Select Certificate dialog box, click on
the OWA Web site certificate that you imported into the ISA Server 2004
firewall's machine certificate store and click OK. Note that this
certificate will appear in this dialog box only on after you have installed
the Web site certificate into the ISA Server 2004 firewall's machine
certificate store. In addition, the certificate must contain the private
key. If the private key was not included, it will not appear in this list.

 

Could use a little work - not to be too picky however I find that if you let
an idiot (like me) read your article you can find some stuff that makes
sense to you, however not the idiot.   Or, maybe we need a link here to
another article about how to export .pkf (In addition, the certificate must
contain the private key) files from IIS and get them into ISA server 2004
right.

 

-Wayne

The ISAPI Dev lurking on the ISA Admin List

 

 

  _____  

From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] 
Sent: Wednesday, February 02, 2005 6:25 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Generating a certificate request for OWA

 

http://www.ISAserver.org

Hi Wayne,

 

Which article? I've done about a hundred on this issue, are you talking
about the five part series? Are you talking about the I did, or one that
someone else did? I don't write all of them. 

 

Thanks!

Tom

 

  _____  

From: Wayne Berry [mailto:wayne@xxxxxxxxxx] 
Sent: Wednesday, February 02, 2005 2:02 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Generating a certificate request for OWA

http://www.ISAserver.org

One More Thing, 

"Export that certificate WITH ITS PRIVATE KEY to a file." = .pfx file.  If
you have that extension you are doing great.  I notice that Tom S. article
on the ISAServer.org web site doesn't really go into depth about this step,
how to, file name etc, and it would really help if you add a 100 words
there.  From the guy that just did it three days ago.

-Wayne

The ISAPI Dev Lurking on the ISA Admin List

 

  _____  

From: Steve Moffat [mailto:steve@xxxxxxxxxx] 
Sent: Wednesday, February 02, 2005 11:55 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Generating a certificate request for OWA

 

http://www.ISAserver.org

Arggggghhh...another one.

 

Here's how you do it:

Example: owa.domain.com

Request and bind a Web site certificate to the OWA site, make sure the
common name on the certificate is owa.domain.com

Export that certificate WITH ITS PRIVATE KEY to a file.

Import the certificate with its private key into the ISA firewall's machine
certificate store.

Create the OWA Web publishing rule. Bind the OWA Web site certificate to the
Web listener.

Make sure the Public Name you use for the Web Publishing Rule is EXACTLY THE
SAME as the common name on the certificate

Make sure the ISA firewall resolves the name of the OWA site to the actual
IP address of the site.

 

S

 

 

  _____  

From: Rob Moore [mailto:RMoore@xxxxxxxx] 
Sent: Wednesday, February 02, 2005 3:49 PM
To: ISA Mailing List
Subject: [isalist] Generating a certificate request for OWA

http://www.ISAserver.org

Hello all-- 

I'm generating a certificate request for my OWA server. I plan to install it
on my ISA 2004 server. The instructions for generating the request are not
entirely clear. In Microsoft's document it says, "if this certificate will
be exported to the ISA Server computer [it will], the name on the
certificate must match the name you use to publish the website in the Web
publishing rule." I've already created one incorrect request trying to
follow this. For the name on the request, should I look on the "To" tab for
the OWA publishing rule and use the server name I see there? (This is an
internal name, delta.afsc.local.) Or should I use the public name for the
server (owa.afsc.org)? Or something else all together?

Thanks, 
Rob 

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
isalist@xxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
wayne@xxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx 

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
wayne@xxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx 

Other related posts: