[ExchangeList] Re: Exchange 2007 ssl issue

  • From: William T Holmes <wth1@xxxxxxxxxxx>
  • To: "exchangelist@xxxxxxxxxxxxx" <exchangelist@xxxxxxxxxxxxx>
  • Date: Fri, 9 Jan 2009 11:41:36 -0500



So you did New-ExchangeCertificate -GenerateRequest C:\certrequest.csr ...  and requested the certificate from a certificate Authority Correct?

You need to Import the Signed Certificate with the Import-ExchangeCertificate commandlet

Then you need to enable the certificate for the appropriate services using Enable-ExchangeCertificate


This will take care of the exchange side of things.


However as you have mentioned ISA you need to export the certificate and install it on the ISA server.


Start and MMC and install the Certificates Snap In and select the local system as the target.


Expand the list and find the personal store (this is the computer's personal certificate store). You should see listed the certificate you just installed.

Right click on the certificate and select Export from the context Menu.

Select Export Private Key and a transit  password and a filename. Export the certificate.


Move the file to the ISA server and start MMC and Certificates. Again target the local machine. Then right click on the personal store and select Import.

Import the certificate you copied from the exchange server.


Then you can select the certificate for the ISA Web listener.




From: exchangelist-bounce@xxxxxxxxxxxxx [mailto:exchangelist-bounce@xxxxxxxxxxxxx] On Behalf Of Patrick
Sent: Friday, January 09, 2009 11:13 AM
To: exchangelist@xxxxxxxxxxxxx
Subject: [ExchangeList] Re: Exchange 2007 ssl issue


I created the  request for a certificate on the exchange server. I think the next stage will be to import the cert and install it on isa


From: William T Holmes <wth1@xxxxxxxxxxx>
To: "exchangelist@xxxxxxxxxxxxx" <exchangelist@xxxxxxxxxxxxx>
Sent: Friday, January 9, 2009 3:45:18 PM
Subject: [ExchangeList] Re: Exchange 2007 ssl issue



How did you create the certificate? Did you create a request for the certificate on the exchange server or the ISA server?




From: exchangelist-bounce@xxxxxxxxxxxxx [mailto:exchangelist-bounce@xxxxxxxxxxxxx] On Behalf Of Patrick
Sent: Friday, January 09, 2009 9:56 AM
To: exchangelist@xxxxxxxxxxxxx; exchangelist@xxxxxxxxxxxxx; msexchange@xxxxxxxxxxxxx
Subject: [ExchangeList] Exchange 2007 ssl issue


Hi Guys,


I just need a bit of clarity on this. Why MS has decided to change things, beats me. We are looking to publish owa through isa 2006.

Exchange 2007 was installed with the default certificate applied during installation. Now we have created a request for a CA sll which has just arrived.


We are looking to publish owa for start, then move on to other things ie ActiveSync. Now my questing is how you got about this to get things to work.


We already have a dns name called owa.jackmurray.com, which the Certificate was created in, now how do we go about getting this to work, and also would applying this new certificate disbale the default one. Please setps would be very helpful, I am finding it dificult to understand why ms has made thinsg so complicated.









Other related posts: