OCS Web Access ISA 2006 Cert Import

  • Question

  • I'm not able to get OCS desktop sharing to work using the CWA. There are so many damn places to put certs I'm starting to lose my mind. Just when I think I have the right cert on the ocsweb, as well as DNS CNAME as and download pointing there, it appears I'll need to update another cert on ISA. I am weak on ISA so importing doesn't seem to work as the exported cert from ocsweb server comes up as invalid. In general (I had to pay MS to help me) the ISA forward rule works and I'm pretty sure this is the last place where I'm having a problem. How do you import and make valid a cert using the MMC on ISA 2006? I'm not seeing the usual request .txt to copy and paste through 3rd party Cert provider.
    Monday, July 20, 2009 9:25 PM

Answers

  • To elaborate a bit on what La Fletch said:

    On the CWA server open the mmc and add the local computer certificates store. Under the personal certificates folder, right-click on the correct cert and choose Export and mark the key as exportable.

    Copy the PFX file that wizard saves to the ISA 2006 server.

    On the ISA 2006 server open the mmc and add the local computer certificates store. Under the personal certificates folder, right click and choose import, choose the PFX file you copied over and run through the import wizard.

    Now you have to modify the listener on the ISA server with the newest certificate.

    Tuesday, July 21, 2009 11:27 PM
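
A check to run on the ISA server after the import steps above, as an added example that is not part of the original thread. It looks in the local computer Personal store for the certificate and reports whether it carries a private key, is within its validity period, and builds a trusted chain. The host name is a constructed placeholder, and only the subject CN is matched, not subject alternative names.

```powershell
# Added example, not from the thread. Save as a .ps1 and run on the ISA server.
param([string]$HostName = 'cwa.example.com')   # constructed placeholder name

$now = Get-Date
$findings = foreach ($cert in Get-ChildItem Cert:\LocalMachine\My) {
    if ($cert.Subject -notlike "*CN=$HostName*") { continue }

    # Build the chain without revocation lookups so the result reflects
    # only what is installed locally (intermediate and root CA certs).
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    $chainOk = $chain.Build($cert)

    $problems = @()
    if (-not $cert.HasPrivateKey) {
        # Typical when a .cer was imported, or the PFX was exported without the key.
        $problems += 'no private key in store'
    }
    if ($now -lt $cert.NotBefore) { $problems += 'not yet valid' }
    if ($now -gt $cert.NotAfter)  { $problems += 'expired' }
    if (-not $chainOk) {
        # e.g. PartialChain or UntrustedRoot: CA certificates missing on this server.
        $status = $chain.ChainStatus | ForEach-Object { $_.Status }
        $problems += 'chain: ' + ($status -join ', ')
    }

    New-Object PSObject -Property @{
        Subject    = $cert.Subject
        Thumbprint = $cert.Thumbprint
        NotAfter   = $cert.NotAfter
        Usable     = ($problems.Count -eq 0)
        Problems   = ($problems -join '; ')
    }
}

if (-not $findings) {
    Write-Warning "No certificate with CN=$HostName found in LocalMachine\My"
} else {
    $findings | Format-List Subject, Thumbprint, NotAfter, Usable, Problems
}
```

A certificate reported as `Usable : False` with `no private key in store` needs to be re-exported from the CWA server as a PFX that includes the key; a `chain:` problem points to CA certificates that still have to be installed on the ISA server.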

All replies

  • Although not specifically OCS-related, take a look at this blog article, it may help you with the process: http://blogs.pointbridge.com/Blogs/schertz_jeff/Pages/Post.aspx?_ID=49. The most important piece is to make sure you have the private key marked as exportable so that it can be imported into the ISA server.
    Jeff Schertz, PointBridge | MVP | MCITP: Enterprise Messaging | MCTS: OCS
    Monday, July 20, 2009 10:17 PM
    Moderator
  • The way we did it was we took the cert request from our public CA which is Entrust. From there we took the txt file and finished the request on an internal CWA server. Once that was complete we exported the cert making sure you mark as private and all worked well. From there you just copy the file to the ISA server and import as normal.
    La Fletch
    Tuesday, July 21, 2009 9:45 PM