ISA 2004 and SSL certs

[wesleyw]

I have recently bought an SSL cert from Thawte file extension .crt however having put it in trusted certificates and in personal certificates via the MMC snap-in however when I go to add the cert to a SharePoint weblistener in isa and go to the certificates tab and click to change it, it does not show up!?

Wes

[spc-rocket]

I have recently bought an SSL cert from Thawte file extension .crt however having put it in trusted certificates and in personal certificates via the MMC snap-in however when I go to add the cert to a SharePoint weblistener in isa and go to the certificates tab and click to change it, it does not show up!?

Wes

Hi you need to refresh the isa console after installing the certificate or alternatively come out of the isa management console and re-launch it and try again.

I think you only need to place the certificate in the personal store. You would need to install the thawte root cert in the Trusted Root Certification Authority if its not already there.

HTH,

Ash.

[PRicho]

I used IIS SSL wizard to import our certifcate, thats the only way i could get it to show up in isa, then just remove the cert from the virtual folder in iis..

shoddy work around but it worked for me

[wesleyw]

Sadly Thawte is in the Trusted section still the cert doesn't show up!


Wes

[wesleyw]

@PRicho how did you do that?


Wes

[SYNACK]

Did you make sure to put it in the machine certificates store rather than the user one?

[wesleyw]

Yes. However just realised my mistake if you export the cert via IIS it doesn't give you the option of exporting the private key along with it. If you use MMC and the snap in it does once I'd done that it worked fine. Now I have to sort out the problems I get when running the system via the external site url everytime I click on sections for SLG (SIMS web parts) it just states "unknown error" any thoughts?





Wes

[PRicho]

I think.. i just went onto the default website in IIS and ran through the web cert wizard, cant remember what format out cert was in though.

Are you trying to make your SLG ssl secure? we are going to attempt to do this, capita have sent me some very vague instructions for changes we need to make to some webparts.

[wesleyw]

We're setting up our sharepoint server published through ISA to allow parents, staff, pupils and governors access to the range of information and editing (in the case of teachers) attendance, assessment and profiles.

How vague are they?


Wes

[ZeroHour]

Basically you need to make the cert for your IIS box's request not ISA's request. When you import the cert make sure its marked as exportable. Onces its imported then find the cert and export it with the private key (you will be asked to set a password)
Once exported remove the cert from being the IIS cert of choice and use one that has been issued from you internal CA. Import the cert on ISA and then you should be able to use it there.
I know isa-server.org has a guide on how to set this up for forms based auth using exchange and the procedure should be much the same I *think*.

[SYNACK]

Yes. However just realised my mistake if you export the cert via IIS it doesn't give you the option of exporting the private key along with it. If you use MMC and the snap in it does once I'd done that it worked fine. Now I have to sort out the problems I get when running the system via the external site url everytime I click on sections for SLG (SIMS web parts) it just states "unknown error" any thoughts?

Not sure on this one as the error is rather unspecific . Could the webpart itself be pointing directly to an internal resource that it does not have access to when opened externally?

[wesleyw]

My thoughts exactly I think that the SLG webparts aren't setup to allow the external access mapping I've created.

Wes