[isalist] Re: Server 2008 Cert request
- From: Steve Moffat <steve@xxxxxxxxxx>
- To: ISA Mailing List <isalist@xxxxxxxxxxxxx>
- Date: Tue, 25 Nov 2008 09:16:47 -0400
http://www.ISAserver.org
-------------------------------------------------------
If it's to be done correctly...
http://technet.microsoft.com/en-us/library/bb310769.aspx
S
-----Original Message-----
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On
Behalf Of Jim Harrison
Sent: Tuesday, November 25, 2008 1:59 AM
To: ISA Mailing List
Subject: [isalist] Re: Server 2008 Cert request
http://www.ISAserver.org
-------------------------------------------------------
Where is powershell a requirement?
-----Original Message-----
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On
Behalf Of Steve Moffat
Sent: Monday, November 24, 2008 6:52 PM
To: ISA Mailing List
Subject: [isalist] Re: Server 2008 Cert request
http://www.ISAserver.org
-------------------------------------------------------
You need to assign the cert and then export via powershell as far as I remember.
S
-----Original Message-----
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On
Behalf Of Peter J. Persing
Sent: Monday, November 24, 2008 7:39 PM
To: ISA Mailing List
Subject: [isalist] Re: Server 2008 Cert request
http://www.ISAserver.org
-------------------------------------------------------
Thanks for your reply Jim,
The reason I was running this on the ISAServer was that when I attempt
to run the request on the Certificate Server the minute I select the web
server template it marks the keys non-exportable. This approach worked
in Server 2003.
Pete
On the desert in New Mexico
-----Original Message-----
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
On Behalf Of Jim Harrison
Sent: Monday, November 24, 2008 4:01 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Server 2008 Cert request
http://www.ISAserver.org
-------------------------------------------------------
No catch-22; you're trying to shortcut the process.
Go to the cert request page, build a web server cert and allow the cert
to be imported (should go to local machine store).
Once you complete this, you should be able to export the cert with the
private key to a pfx file.
It's this file that you want to carry to the ISA and import into the
local machine store.
Jim
-----Original Message-----
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
On Behalf Of Peter J. Persing
Sent: Monday, November 24, 2008 1:19 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Server 2008 Cert request
http://www.ISAserver.org
-------------------------------------------------------
Hi Tom,
I have a Windows Server 2008 Certificate Server running in a domain. I
have ISAServer 2006 running on a domain member. I need to issue a new
cert for the web listener but I can't get-r-done. When I bring up the
web enrollment page I can type in all the data but (of course) I can't
save the request to a file. So I go through the web submission and it
returns the page "Install Certificate", but no option to say where,
local computer or current User. So with the only option to punch the
button I do that and the cert winds up in the current User store. It
looks ok, has the key, so I move it to the local machine store. When I
go into the listener to select the certificate, and after I uncheck
"only show valid certificates" it shows the certificate error "Private
key handle error". Now as I recall the solution for this error was to
use the certificate snap-in to import it from a file again, but of
course we don't have a file anymore (Catch 22). I re-issued the cert;
same thing. Any suggestions?
As an aside, I read your series "Publishing Exchange 2007 OWA, Exchange
ActiveSync and RPC/HTTP using the 2006 ISA Firewall" a while back and by
the time I was half way through I was laughing so hard the tears were
running down my face. Your observations on "Power Hell" broke me up!! I
am hoping that MSFT has seen the light and will be correcting some of
those issues in rollup 4 if it ever gets straightened out enough to
apply.
Pete
On the desert in New Mexico
------------------------------------------------------
List Archives: //www.freelists.org/archives/isalist/
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server Articles and Tutorials:
http://www.isaserver.org/articles_tutorials/
ISA Server Blogs: http://blogs.isaserver.org/
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------
List Archives: //www.freelists.org/archives/isalist/
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server Articles and Tutorials:
http://www.isaserver.org/articles_tutorials/
ISA Server Blogs: http://blogs.isaserver.org/
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------
List Archives: //www.freelists.org/archives/isalist/
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/
ISA Server Blogs: http://blogs.isaserver.org/
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------
List Archives: //www.freelists.org/archives/isalist/
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/
ISA Server Blogs: http://blogs.isaserver.org/
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------
List Archives: //www.freelists.org/archives/isalist/
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/
ISA Server Blogs: http://blogs.isaserver.org/
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------
List Archives: //www.freelists.org/archives/isalist/
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/
ISA Server Blogs: http://blogs.isaserver.org/
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
Report abuse to listadmin@xxxxxxxxxxxxx
Other related posts:
