All of this is thoroughly documented on www.isaserver.org in many articles. If I had to guess, I have written over 30 articles covering this issue.
-----Original Message-----
From: Ken Schaefer [mailto:[EMAIL PROTECTED]
Sent: Saturday, June 21, 2008 7:37 PM
To: NT System Admin Issues
Subject: RE: OWA 2003 wildcard cert and isa 2006

As I mentioned in my previous posts, what are the actual names of your servers and what's in the CN field of each certificate?

External User ---> (1) ISA Server ---> (2) Exchange

Your public mail server name (owa.domain.com) would point to the external interface of ISA Server (1). The certificate installed on ISA Server would then need to be *.domain.com

ISA Server then needs to bridge the SSL connection to Exchange. You need to tell Exchange how to connect to Exchange (e.g. exchange.domain.local). The certificate installed on Exchange must have the CN field set to "exchange.domain.local"

As for untrusted StartCom certs - did you install the entire certificate hierarchy into the server hosting IIS?

Cheers
Ken

> -----Original Message-----
> From: Glen Johnson [mailto:[EMAIL PROTECTED]
> Sent: Sunday, 22 June 2008 12:15 AM
> To: NT System Admin Issues
> Subject: RE: OWA 2003 wildcard cert and isa 2006
>
> Ken.
> Here is the status.
> Wildcard cert on the ISA and standard StartCom cert on exchange and it works
> both internally and externally, although obviously internal users get prompted
> that the cert is not trusted.
> Wildcard cert on both ISA and exchange and I get this error from external.
>
> * Error Code: 500 Internal Server Error. The target principal name is
> incorrect. (-2146893022)
>
> Internal, not going through the ISA server, it works with the wildcard cert on
> exchange.
>
> I can live with the StartCom cert on exchange and wildcard cert on ISA as most
> people that have complained about the cert not being trusted are external
> users anyway.
>
> Thanks for any advice.
>
> Glen.
>
> ________________________________
>
> From: Ken Schaefer [mailto:[EMAIL PROTECTED]
> Sent: Thu 6/19/2008 10:24 PM
> To: NT System Admin Issues
> Subject: RE: OWA 2003 wildcard cert and isa 2006
>
> Wildcard certs work just fine on ISA Server 2006 (I'm using one myself right
> now).
>
> Service Principal Names (SPNs) have nothing to do with certs per se.
>
> What is the exact error you are getting and from where?
>
> Cheers
> Ken
>
> > -----Original Message-----
> > From: Glen Johnson [mailto:[EMAIL PROTECTED]
> > Sent: Thursday, 19 June 2008 9:55 PM
> > To: NT System Admin Issues
> > Subject: OWA 2003 wildcard cert and isa 2006
> >
> > The subject says it all. We've been successfully running OWA behind ISA
> > 2006 with a free cert from StartCom but for other reasons we had to
> > purchase a cert from a more widely trusted authority.
> > I installed the wildcard cert on the exchange server and tested it
> > internally and it worked fine.
> > Exported the cert from exchange and installed it on the ISA box.
> > Reconfigured the SSL listener to use the new cert but am getting an
> > error about service principal name when trying to access OWA from
> > outside the ISA server.
> > I found several references that this did not work on ISA 2004 and
> > earlier but is supported on 2006 but no info on what to troubleshoot or
> > settings to check if it doesn't.
> > Any suggestions greatly appreciated.
>
> ~ Upgrade to Next Generation Antispam/Antivirus with Ninja! ~
> ~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm> ~
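
Added example, not part of the original thread or of ISA Server: a small Python check of the two name comparisons Ken describes, one per SSL hop. It assumes the usual wildcard rule (a `*` stands for exactly one leftmost label) and uses the example names from his message (owa.domain.com, exchange.domain.local); the function names are hypothetical.

```python
# Added example (not from the thread): name checks for the two SSL hops
# Ken describes. Hostnames are the example names used in his message.

def name_matches(cert_name: str, host: str) -> bool:
    """Compare one certificate name with the name a client connects to.

    Assumed rule (the usual one): '*' is only valid as the whole leftmost
    label and stands for exactly one label.
    """
    c = cert_name.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(c) != len(h) or "" in h:
        return False
    if c[0] == "*":
        # Refuse '*.com'-style names; compare everything right of the '*'.
        return len(c) >= 3 and c[1:] == h[1:]
    return c == h


def check_bridging(public_name, listener_cert, backend_name, backend_cert):
    """Return (hop, connect name, cert name, ok) for both legs.

    Hop 1: external user -> ISA listener, name typed by the user.
    Hop 2: ISA -> Exchange, name ISA is configured to connect to.
    """
    hops = [
        ("user->ISA", public_name, listener_cert),
        ("ISA->Exchange", backend_name, backend_cert),
    ]
    return [(hop, name, cert, name_matches(cert, name))
            for hop, name, cert in hops]


def report(rows):
    for hop, name, cert, ok in rows:
        print(f"{hop:14} connects to {name:22} cert {cert:22} "
              f"{'OK' if ok else 'NAME MISMATCH'}")


if __name__ == "__main__":
    # Wildcard cert exported from Exchange and used on both servers.
    wildcard_both = check_bridging("owa.domain.com", "*.domain.com",
                                   "exchange.domain.local", "*.domain.com")
    # Ken's layout: wildcard on ISA, internal-name cert on Exchange.
    split_certs = check_bridging("owa.domain.com", "*.domain.com",
                                 "exchange.domain.local", "exchange.domain.local")
    report(wildcard_both)
    report(split_certs)
```

With these assumed names, only the second hop fails when the wildcard certificate is installed on both servers, because *.domain.com does not cover a .local name.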
