RE: OWA Publishing

  • From: "Spencer Read \(Nemesis\)" <ser@xxxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Tue, 1 Mar 2005 15:14:05 -0000

IT WORKS!!!!!!!!!!!!!!
I would like to say a big thanks to everyone - especially Wayne!

I didn't recognise the difference between owa.nemesisgb.com cert and
nemesisgb.com as the cert register.
Probably been looking at it for way too long :)

Once I'd got my head round that and restarted the Isa services all is
now good!

Thanks again to everyone.

...Spence 

-----Original Message-----
From: Wayne Berry [mailto:wayne@xxxxxxxxxx] 
Sent: 01 March 2005 14:41
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: OWA Publishing

http://www.ISAserver.org

Spence,

Well I am not a pro, however I believe you need the nemeisgb.com
certificate register in your Trust Root Cert, and the owa.nemeisgb.com
certificate in the personal.  

Basically, certificates are wrapped in other certificates.  So the
owa.neeisgb.com certificate is wrapped in the nemeisgb.com (that is what
'issued by' means).  To validate the Personal, you need to Trust the
Root (the issuer).

The reason you are having trouble, is that ISA tears down the SSL
connection and recreates it and ISA is not able to valid the
owa.neeisgb.com since it doesn't know how to Trust the nemeisgb.com cert
since it isn't installed in the Trust Roots.

This is where my knowledge tapers, since if you use Verisign, Microsoft
ships there Root Cert in the Trusted Roots, and if you use a third
party, then they tell you and give you their Trusted Root certificate to
install in your Root Certs.  So you need to find your Trust Root
Certificate and install it on the ISA as a Trust Root Cert, however I
don't know where you would get it from.

-Wayne

-----Original Message-----
From: Spencer Read (Nemesis) [mailto:ser@xxxxxxxxxxxxx]
Sent: Tuesday, March 01, 2005 6:27 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: OWA Publishing

http://www.ISAserver.org

I am 99% sure I have done this correctly but I'm still open to
suggestions.

2 screen prints from my ISA server showing the certs.

http://www.elan-technology.com/nemesisgb/ISAcert.jpg
http://www.elan-technology.com/nemesisgb/ISACertpersonal.jpg 

I'm putting good money on me being really stupid and not spotting the
obvious!

Oh well - at least I've done it once - to do it again won't take long!

...Spence

-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
Sent: 01 March 2005 12:57
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: OWA Publishing

http://www.ISAserver.org

Hi Spence,

No problem with frying up your own certs. Just make sure the CA
certificate of the CA that issued the Web cert is in the ISA firewall's
Trusted Root Certificate Authoities cert store.

HTH,
 


Tom
www.isaserver.org/shinder
Tom and Deb Shinder's Configuring ISA Server 2004
http://tinyurl.com/3xqb7
MVP -- ISA Firewalls


-----Original Message-----
From: Spencer Read (Nemesis) [mailto:ser@xxxxxxxxxxxxx]
Sent: Tuesday, March 01, 2005 6:55 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: OWA Publishing

http://www.ISAserver.org

Tom,

Sorry, I created the cert myself - missed that off last time.
I only created one cert and imported that into the ISA server.

The bit that is confusing me is that the reboot screwed this up!

...Spence

-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
Sent: 01 March 2005 12:46
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: OWA Publishing

http://www.ISAserver.org

Hi Spence,

If the CA certificate that issued the Web site certificate installed on
the ISA firewall?

Thanks! 


Tom
www.isaserver.org/shinder
Tom and Deb Shinder's Configuring ISA Server 2004
http://tinyurl.com/3xqb7
MVP -- ISA Firewalls


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com Leading
Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org Windows
Security Resource Site: http://www.windowsecurity.com/ Network Security
Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx



------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com Leading
Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org Windows
Security Resource Site: http://www.windowsecurity.com/ Network Security
Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
ser@xxxxxxxxxxxxx To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx





------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com Leading
Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org Windows
Security Resource Site: http://www.windowsecurity.com/ Network Security
Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
wayne@xxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com Leading
Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org Windows
Security Resource Site: http://www.windowsecurity.com/ Network Security
Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
ser@xxxxxxxxxxxxx To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx

Other related posts:

  1. Home
  2. isalist
  3. Archive
  4. 03-2005