IT WORKS!!!!!!!!!!!!!! I would like to say a big thanks to everyone - especially Wayne! I didn't recognise the difference between owa.nemesisgb.com cert and nemesisgb.com as the cert register. Probably been looking at it for way too long :) Once I'd got my head round that and restarted the Isa services all is now good! Thanks again to everyone. ...Spence -----Original Message----- From: Wayne Berry [mailto:wayne@xxxxxxxxxx] Sent: 01 March 2005 14:41 To: [ISAserver.org Discussion List] Subject: [isalist] RE: OWA Publishing http://www.ISAserver.org Spence, Well I am not a pro, however I believe you need the nemeisgb.com certificate register in your Trust Root Cert, and the owa.nemeisgb.com certificate in the personal. Basically, certificates are wrapped in other certificates. So the owa.neeisgb.com certificate is wrapped in the nemeisgb.com (that is what 'issued by' means). To validate the Personal, you need to Trust the Root (the issuer). The reason you are having trouble, is that ISA tears down the SSL connection and recreates it and ISA is not able to valid the owa.neeisgb.com since it doesn't know how to Trust the nemeisgb.com cert since it isn't installed in the Trust Roots. This is where my knowledge tapers, since if you use Verisign, Microsoft ships there Root Cert in the Trusted Roots, and if you use a third party, then they tell you and give you their Trusted Root certificate to install in your Root Certs. So you need to find your Trust Root Certificate and install it on the ISA as a Trust Root Cert, however I don't know where you would get it from. -Wayne -----Original Message----- From: Spencer Read (Nemesis) [mailto:ser@xxxxxxxxxxxxx] Sent: Tuesday, March 01, 2005 6:27 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: OWA Publishing http://www.ISAserver.org I am 99% sure I have done this correctly but I'm still open to suggestions. 2 screen prints from my ISA server showing the certs. http://www.elan-technology.com/nemesisgb/ISAcert.jpg http://www.elan-technology.com/nemesisgb/ISACertpersonal.jpg I'm putting good money on me being really stupid and not spotting the obvious! Oh well - at least I've done it once - to do it again won't take long! ...Spence -----Original Message----- From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] Sent: 01 March 2005 12:57 To: [ISAserver.org Discussion List] Subject: [isalist] RE: OWA Publishing http://www.ISAserver.org Hi Spence, No problem with frying up your own certs. Just make sure the CA certificate of the CA that issued the Web cert is in the ISA firewall's Trusted Root Certificate Authoities cert store. HTH, Tom www.isaserver.org/shinder Tom and Deb Shinder's Configuring ISA Server 2004 http://tinyurl.com/3xqb7 MVP -- ISA Firewalls -----Original Message----- From: Spencer Read (Nemesis) [mailto:ser@xxxxxxxxxxxxx] Sent: Tuesday, March 01, 2005 6:55 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: OWA Publishing http://www.ISAserver.org Tom, Sorry, I created the cert myself - missed that off last time. I only created one cert and imported that into the ISA server. The bit that is confusing me is that the reboot screwed this up! ...Spence -----Original Message----- From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] Sent: 01 March 2005 12:46 To: [ISAserver.org Discussion List] Subject: [isalist] RE: OWA Publishing http://www.ISAserver.org Hi Spence, If the CA certificate that issued the Web site certificate installed on the ISA firewall? Thanks! Tom www.isaserver.org/shinder Tom and Deb Shinder's Configuring ISA Server 2004 http://tinyurl.com/3xqb7 MVP -- ISA Firewalls ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: ser@xxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: wayne@xxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: ser@xxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx