ISA presenting internal certificate

  • Question

  • I have an interesting one. I'll admit first off I'm not as proficient on ISA as I should be. Now, I have ISA 2006 SP1 publishing the Web Components of an OCS 2007 Consolidated Enterprise Pool.

     

    When Communicator clients come in through Edge, they get the dreaded "Cannot Download Address Book" error. When I test the reverse proxy via the web, I get challenged correctly, and I do authenticate fine, but I get an error saying the certificate is not trusted. When I look at the certificate, it is the certificate of the internal pool that is assigned to the actual pool FQDN (which does resolve to the FQDN of the front end) of pool01.company.com (I know, split DNS...yuck!). Shouldn't it be the external certificate on the listener?

     

    On ISA, I have a SAN certificate with the reverse proxy address (ocsrp.domain.com) in the SAN. The listener looks to be proxying correctly, but for whatever reason the certificates do not match. I have installed the root certificate from the internal CA (which issued the certificate to the IIS server) into the local computer Trusted Root Certification Authorities store on ISA.

     

    What am I missing here?

     

    Thanks!

    Thursday, October 30, 2008 4:52 PM

All replies