
I'm running into a problem here, and I'm positive it's simply that I'm not doing something correctly (as opposed to it not working). I have a current Exchange 2007 server setup with a third party cert for it on TMG. I'm currently testing Exchange 2010 and wanted to test OWA and ActiveSync as well (I'm the only mailbox on the server so far). For the life of me I can't figure out how to issue a self-signed cert and install it on the TMG server so that when I go to "mail.company.com" it likes it.

I've done quite a bit of looking online but so far have yet to get a working solution. My last attempt I did this:

Open Chrome, attempt to go to mail.company.com. It sees the cert as not trusted; I then export that cert to the desktop (this was done from my PC).

Copy that cert to the TMG server. Open up certmgr and add that certificate to the Personal/certificate group (via import). Import was successful and I now see that cert as well as the working Exchange 2007 cert in that folder.

Open Forefront TMG and go to Firewall policy, add a new Web Listener, require SSL, select All Networks, click select certificates and I see the current 2007 Exchange cert there from the 3rd party, but not the one I just imported.

What am I missing here? I do see that the certs in there that are available (and currently being used) are all "Class 3 International Server" certs, if that is relevant. The one I imported is issued by our Domain Controller. I just want to try to use the self signed cert for testing, to make sure it all works before moving forward. We will eventually just edit our current Exchange cert to work with the new Exchange server.

It's been awhile since I messed with this, and I'm obviously missing something. If anyone could point me in the right direction I would appreciate it. Thanks!

Don

1 Answer

You need to place the certificate in the "Computer" account and not the user account. To do that:

  • Run "MMC"
  • Click on File -> Add/Remove Snap-ins
  • Add the "Certificates" snap-in and when prompted select "Computer account" rather than the default "My user account"
  • Click Finish
  • In the tree on the left, expand the Certificates node
  • Right click the "Personal" node and select All Tasks -> Import

From there the import procedure is similar to what you have already done.

After that it should appear in the list of certs.

Note that you also may need to add it to the trusted list.

Phil
  • Maybe I've just not added it to the trusted list then...where would I go about doing that? I did actually select Local Computer when I created the MMC snap-in though, and looking at it it shows "Certificates (Local Computer)" so I assume it's in the right spot (?). Thanks for the quick response, Phil. – Don Jan 05 '12 at 17:46
  • It's just below the Personal node in the tree. – Phil Jan 05 '12 at 17:51
  • I've added it in, but it's still not showing when I go to add the Web Listener... thoughts? – Don Jan 05 '12 at 19:31
  • If you have more than one server in your group you need to make sure it is added to both servers and it is definitely trusted. – Phil Jan 06 '12 at 16:40
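
A way to check the result of the steps in the answer from PowerShell on the TMG server, added here as an example and not part of the original thread. It lists the computer-account Personal store and reports, per certificate, whether the name mail.company.com (from the question) appears in it, whether its chain builds against the machine's trusted roots, and whether a private key is attached; the private-key column goes beyond what the thread discusses and is included because a server can only present a certificate for SSL when it holds the matching private key, which a certificate saved from a browser does not carry. The function name `Get-ListenerCertReport` is hypothetical.

```powershell
# Added example. Hostname taken from the question; the function name is hypothetical.
$hostName = 'mail.company.com'

function Get-ListenerCertReport {
    param([string]$HostName)

    # "Certificates (Local Computer)\Personal" is the LocalMachine\My store.
    $store = New-Object System.Security.Cryptography.X509Certificates.X509Store('My', 'LocalMachine')
    $store.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadOnly)
    try {
        foreach ($cert in $store.Certificates) {
            # Build the chain in machine context so only the computer's trust stores count.
            $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain($true)
            $chain.ChainPolicy.RevocationMode = [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
            $trusted = $chain.Build($cert)
            $status  = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '

            # Subject alternative names live in extension OID 2.5.29.17.
            $san = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
            $sanText = ''
            if ($san) { $sanText = $san.Format($false) }

            # Plain substring match; wildcard names are not evaluated here.
            $nameMatch = ($cert.Subject -like "*$HostName*") -or ($sanText -like "*$HostName*")

            New-Object PSObject -Property @{
                Subject       = $cert.Subject
                Issuer        = $cert.Issuer
                NotAfter      = $cert.NotAfter
                Thumbprint    = $cert.Thumbprint
                NameMatches   = $nameMatch
                HasPrivateKey = $cert.HasPrivateKey
                ChainTrusted  = $trusted
                ChainStatus   = $status
            }
        }
    }
    finally {
        $store.Close()
    }
}

Get-ListenerCertReport -HostName $hostName |
    Select-Object Subject, Issuer, NotAfter, NameMatches, HasPrivateKey, ChainTrusted, ChainStatus |
    Format-List
```

Run it in an elevated PowerShell session on each TMG server in the group and compare the entry for the test certificate with the entry for the working third-party one.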