We are working on implementing SSL for our OWA server but are having problems that so far anything online hasn't been able to get us in the right direction. We are getting access internally when we use https://mailservername/exchange but when we use the internet name https://www.domain.biz/exchange we end up with the error "500 Internal Server Error - The certificate chain was issued by an untrusted authority. (-2146893019)". In order to keep the peace and current OWA traffic going, we are not forcing a secure channel for the Exchange folders in IIS. With that said, the browser error now states "500 Internal Server Error - The target principal name is incorrect. (-2146893022)". Don't know if that means anything for now but I wanted to add it for troubleshooting purposes if it did mean something. We don't see this error when secure channels are established on the Exch virtual folders in IIS. We are using the server name as the Issuer and www.domain.biz as the common name (issued to) when generating our certificate. Originally I set it up backwards because I misread the instructions/how-to but later recreated it to correct. Incidentally, we still see the old certificate out there and although we've deleted it, somehow it still sees it. IS that an issue? When viewing the certificate on the ISA Server we look at the Certification Path and notice that our Issuer is stated as "OK" but the exported certificate (pfx) states that it "cannot be verified up to a trusted certification authority". We look at our certmgr.msc and see everything where it's suppose to be )or thought to be). On our ISA Server is the following: Personal-Certificates: I see the exported certificate. Trusted Root Certification Authority-Certificates: I see the new and old CA, also see the exported certificate. I ran the certutil on our Win2k3/Exch 2k3 server on both certificates and the CA didn't seem to report anything wrong, although there's alot of cryptic information that's beyond me but overall it didn't appear troubling. I then ran it on our exported cert and got back the following: C:\>certutil -verify -urlfetch c:\exchsvr.pfx LoadCert(Cert) returned ASN1 unexpected end of data. 0x80093102 (ASN: 258) CertUtil: -verify command FAILED: 0x80093102 (ASN: 258) CertUtil: ASN1 unexpected end of data. Earlier I was in fear of a DNS issue and tried setting up a slit-dns but with no luck. Not that split-dns didn't work, I think I wasn't doing it right since my DNS knowledge/setup is only basic and primarily done internally. There is no reference to our extranet domain in our internal DNS. I can't worry about than until I figure out what happened to my Cert Server. Can anyone help guide me to a solution with this? If you need more info then just ask. I'm not sure how much more to give but am willing to indulged those who need it. Thank you, Nick Clark