+ Post New Thread
Results 1 to 12 of 12
Windows Thread, ISA 2004 and SSL certs in Technical; I have recently bought an SSL cert from Thawte file extension .crt however having put it in trusted certificates and ...
  1. #1
    wesleyw's Avatar
    Join Date
    Dec 2005
    Location
    Kingswinford
    Posts
    2,205
    Thank Post
    223
    Thanked 50 Times in 44 Posts
    Blog Entries
    1
    Rep Power
    30

    ISA 2004 and SSL certs

    I have recently bought an SSL cert from Thawte file extension .crt however having put it in trusted certificates and in personal certificates via the MMC snap-in however when I go to add the cert to a SharePoint weblistener in isa and go to the certificates tab and click to change it, it does not show up!?

    Wes

  2. #2

    Join Date
    Oct 2005
    Location
    East Midlands
    Posts
    737
    Thank Post
    17
    Thanked 105 Times in 65 Posts
    Rep Power
    36
    Quote Originally Posted by wesleyw View Post
    I have recently bought an SSL cert from Thawte file extension .crt however having put it in trusted certificates and in personal certificates via the MMC snap-in however when I go to add the cert to a SharePoint weblistener in isa and go to the certificates tab and click to change it, it does not show up!?

    Wes
    Hi you need to refresh the isa console after installing the certificate or alternatively come out of the isa management console and re-launch it and try again.

    I think you only need to place the certificate in the personal store. You would need to install the thawte root cert in the Trusted Root Certification Authority if its not already there.

    HTH,

    Ash.

  3. #3

    Join Date
    Nov 2007
    Location
    Nottingham
    Posts
    116
    Thank Post
    7
    Thanked 23 Times in 14 Posts
    Rep Power
    17
    I used IIS SSL wizard to import our certifcate, thats the only way i could get it to show up in isa, then just remove the cert from the virtual folder in iis..

    shoddy work around but it worked for me

  4. #4
    wesleyw's Avatar
    Join Date
    Dec 2005
    Location
    Kingswinford
    Posts
    2,205
    Thank Post
    223
    Thanked 50 Times in 44 Posts
    Blog Entries
    1
    Rep Power
    30
    Sadly Thawte is in the Trusted section still the cert doesn't show up!


    Wes

  5. #5
    wesleyw's Avatar
    Join Date
    Dec 2005
    Location
    Kingswinford
    Posts
    2,205
    Thank Post
    223
    Thanked 50 Times in 44 Posts
    Blog Entries
    1
    Rep Power
    30
    @PRicho how did you do that?


    Wes

  6. #6

    SYNACK's Avatar
    Join Date
    Oct 2007
    Posts
    11,091
    Thank Post
    855
    Thanked 2,680 Times in 2,273 Posts
    Blog Entries
    9
    Rep Power
    769
    Did you make sure to put it in the machine certificates store rather than the user one?

  7. #7
    wesleyw's Avatar
    Join Date
    Dec 2005
    Location
    Kingswinford
    Posts
    2,205
    Thank Post
    223
    Thanked 50 Times in 44 Posts
    Blog Entries
    1
    Rep Power
    30
    Yes. However just realised my mistake if you export the cert via IIS it doesn't give you the option of exporting the private key along with it. If you use MMC and the snap in it does once I'd done that it worked fine. Now I have to sort out the problems I get when running the system via the external site url everytime I click on sections for SLG (SIMS web parts) it just states "unknown error" any thoughts?





    Wes

  8. #8

    Join Date
    Nov 2007
    Location
    Nottingham
    Posts
    116
    Thank Post
    7
    Thanked 23 Times in 14 Posts
    Rep Power
    17
    I think.. i just went onto the default website in IIS and ran through the web cert wizard, cant remember what format out cert was in though.

    Are you trying to make your SLG ssl secure? we are going to attempt to do this, capita have sent me some very vague instructions for changes we need to make to some webparts.

  9. #9
    wesleyw's Avatar
    Join Date
    Dec 2005
    Location
    Kingswinford
    Posts
    2,205
    Thank Post
    223
    Thanked 50 Times in 44 Posts
    Blog Entries
    1
    Rep Power
    30
    We're setting up our sharepoint server published through ISA to allow parents, staff, pupils and governors access to the range of information and editing (in the case of teachers) attendance, assessment and profiles.

    How vague are they?


    Wes

  10. #10

    ZeroHour's Avatar
    Join Date
    Dec 2005
    Location
    Edinburgh, Scotland
    Posts
    5,645
    Thank Post
    895
    Thanked 1,314 Times in 798 Posts
    Blog Entries
    1
    Rep Power
    444
    Basically you need to make the cert for your IIS box's request not ISA's request. When you import the cert make sure its marked as exportable. Onces its imported then find the cert and export it with the private key (you will be asked to set a password)
    Once exported remove the cert from being the IIS cert of choice and use one that has been issued from you internal CA. Import the cert on ISA and then you should be able to use it there.
    I know isa-server.org has a guide on how to set this up for forms based auth using exchange and the procedure should be much the same I *think*.

  11. #11

    SYNACK's Avatar
    Join Date
    Oct 2007
    Posts
    11,091
    Thank Post
    855
    Thanked 2,680 Times in 2,273 Posts
    Blog Entries
    9
    Rep Power
    769
    Quote Originally Posted by wesleyw View Post
    Yes. However just realised my mistake if you export the cert via IIS it doesn't give you the option of exporting the private key along with it. If you use MMC and the snap in it does once I'd done that it worked fine. Now I have to sort out the problems I get when running the system via the external site url everytime I click on sections for SLG (SIMS web parts) it just states "unknown error" any thoughts?
    Not sure on this one as the error is rather unspecific . Could the webpart itself be pointing directly to an internal resource that it does not have access to when opened externally?

  12. #12
    wesleyw's Avatar
    Join Date
    Dec 2005
    Location
    Kingswinford
    Posts
    2,205
    Thank Post
    223
    Thanked 50 Times in 44 Posts
    Blog Entries
    1
    Rep Power
    30
    My thoughts exactly I think that the SLG webparts aren't setup to allow the external access mapping I've created.

    Wes

SHARE:
+ Post New Thread

Similar Threads

  1. Replies: 7
    Last Post: 4th August 2008, 01:50 PM
  2. ISA 2006 Publishing SSL Sites
    By ICTNUT in forum Windows
    Replies: 0
    Last Post: 15th November 2007, 12:09 PM
  3. ISA 2004
    By Gatt in forum How do you do....it?
    Replies: 25
    Last Post: 18th October 2007, 10:18 AM
  4. Tidying up ISA 2004
    By eejit in forum Windows
    Replies: 2
    Last Post: 29th January 2007, 01:20 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •