http://www.ISAserver.org ------------------------------------------------------- But you have to import into Exchange & export out with PS, or you can't export the Private Key..I found out the hard way.... Yabiggernut..:) -----Original Message----- From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison Sent: Tuesday, November 25, 2008 10:32 AM To: ISA Mailing List Subject: [isalist] Re: Server 2008 Cert request http://www.ISAserver.org ------------------------------------------------------- That's for importing into Exchange; not ISA (yanut)... -----Original Message----- From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Steve Moffat Sent: Tuesday, November 25, 2008 5:17 AM To: ISA Mailing List Subject: [isalist] Re: Server 2008 Cert request http://www.ISAserver.org ------------------------------------------------------- If it's to be done correctly... http://technet.microsoft.com/en-us/library/bb310769.aspx S -----Original Message----- From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison Sent: Tuesday, November 25, 2008 1:59 AM To: ISA Mailing List Subject: [isalist] Re: Server 2008 Cert request http://www.ISAserver.org ------------------------------------------------------- Where is powershell a requirement? -----Original Message----- From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Steve Moffat Sent: Monday, November 24, 2008 6:52 PM To: ISA Mailing List Subject: [isalist] Re: Server 2008 Cert request http://www.ISAserver.org ------------------------------------------------------- You need to assign the cert and then export via powershell as far as I remember. S -----Original Message----- From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Peter J. Persing Sent: Monday, November 24, 2008 7:39 PM To: ISA Mailing List Subject: [isalist] Re: Server 2008 Cert request http://www.ISAserver.org ------------------------------------------------------- Thanks for your reply Jim, The reason I was running this on the ISAServer was that when I attempt to run the request on the Certificate Server the minute I select the web server template it marks the keys non-exportable. This approach worked in Server 2003. Pete On the desert in New Mexico -----Original Message----- From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison Sent: Monday, November 24, 2008 4:01 PM To: isalist@xxxxxxxxxxxxx Subject: [isalist] Re: Server 2008 Cert request http://www.ISAserver.org ------------------------------------------------------- No catch-22; you're trying to shortcut the process. Go to the cert request page, build a web server cert and allow the cert to be imported (should go to local machine store). Once you complete this, you should be able to export the cert with the private key to a pfx file. It's this file that you want to carry to the ISA and import into the local machine store. Jim -----Original Message----- From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Peter J. Persing Sent: Monday, November 24, 2008 1:19 PM To: isalist@xxxxxxxxxxxxx Subject: [isalist] Server 2008 Cert request http://www.ISAserver.org ------------------------------------------------------- Hi Tom, I have a Windows Server 2008 Certificate Server running in a domain. I have ISAServer 2006 running on a domain member. I need to issue a new cert for the web listener but I can't get-r-done. When I bring up the web enrollment page I can type in all the data but (of course) I can't save the request to a file. So I go through the web submission and it returns the page "Install Certificate", but no option to say where, local computer or current User. So with the only option to punch the button I do that and the cert winds up in the current User store. It looks ok, has the key, so I move it to the local machine store. When I go into the listener to select the certificate, and after I uncheck "only show valid certificates" it shows the certificate error "Private key handle error". Now as I recall the solution for this error was to use the certificate snap-in to import it from a file again, but of course we don't have a file anymore (Catch 22). I re-issued the cert; same thing. Any suggestions? As an aside, I read your series "Publishing Exchange 2007 OWA, Exchange ActiveSync and RPC/HTTP using the 2006 ISA Firewall" a while back and by the time I was half way through I was laughing so hard the tears were running down my face. Your observations on "Power Hell" broke me up!! I am hoping that MSFT has seen the light and will be correcting some of those issues in rollup 4 if it ever gets straightened out enough to apply. Pete On the desert in New Mexico ------------------------------------------------------ List Archives: //www.freelists.org/archives/isalist/ ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ ISA Server Blogs: http://blogs.isaserver.org/ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ To unsubscribe visit http://www.isaserver.org/pages/isalist.asp Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: //www.freelists.org/archives/isalist/ ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ ISA Server Blogs: http://blogs.isaserver.org/ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ To unsubscribe visit http://www.isaserver.org/pages/isalist.asp Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: //www.freelists.org/archives/isalist/ ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ ISA Server Blogs: http://blogs.isaserver.org/ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ To unsubscribe visit http://www.isaserver.org/pages/isalist.asp Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: //www.freelists.org/archives/isalist/ ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ ISA Server Blogs: http://blogs.isaserver.org/ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ To unsubscribe visit http://www.isaserver.org/pages/isalist.asp Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: //www.freelists.org/archives/isalist/ ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ ISA Server Blogs: http://blogs.isaserver.org/ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ To unsubscribe visit http://www.isaserver.org/pages/isalist.asp Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: //www.freelists.org/archives/isalist/ ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ ISA Server Blogs: http://blogs.isaserver.org/ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ To unsubscribe visit http://www.isaserver.org/pages/isalist.asp Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: //www.freelists.org/archives/isalist/ ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ ISA Server Blogs: http://blogs.isaserver.org/ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ To unsubscribe visit http://www.isaserver.org/pages/isalist.asp Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: //www.freelists.org/archives/isalist/ ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ ISA Server Blogs: http://blogs.isaserver.org/ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ To unsubscribe visit http://www.isaserver.org/pages/isalist.asp Report abuse to listadmin@xxxxxxxxxxxxx