Hi, I've had a look through the documentation on the ISAServer.org regarding this topic. We've got a strange situation - well not strange but I can't get ISA working in this way. o Internal bridge exchange with SSL to publish Outlook Web Access - Installed the public SSL cert on this server. o ISA Server using web publishing to publish https://xxx/exchange through to the internal OWA. o Unfortunately we use this certificate for other sites etc on the public side, so I can't server publish port 443 directly through. -Exchange 2000 SP3 -ISA SP1 The reason I had to install the certificate on the internal OWA server was that I found, Microsoft in their wisdom tries to detect is this is an SSL connection, if not it redirects to a non-ssl URL (And since it's SSL up to the ISA server this failed) First I thought I might get clever - maybe they were checking the port number to work out if it's SSL or not, so I changed the Exchange server to publish OWA on port 443 then push through a SSL->HTTP request (terminating the SSL on the ISA server) - this didn't work, it still tried via http://xxx:443/exchange. DUH! So I installed the certificate on the Exchange server and configured ISA to map SSL->SSL. Now when I connect to https://xxx/exchange I get the following error: 500 Internal Server Error - The target principal name is incorrect. (-2146893022) Internet Security and Acceleration Server This got me wondering, was ISA in fact just routing through to the back or was it passing through the /exchange part too. Turning on