Announcement

Collapse
No announcement yet.

Cannot renew certificate on ISA server

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Cannot renew certificate on ISA server

    Hi,
    First of all, sorry if this is the wrong place to post.

    I work in a school, and am having problems renewing a certificate. We have a Windows 2003 server running ISA 2004, and a 2003 DC which is also the CA. Both are running SP2. On the ISA server is a certificate for one of our websites which has expired. I have tried to renew the certificate (and also create a new one) to no avail.

    I receive a couple of errors: when trying to renew the certificate, 'You do not have permission to request a certificate based on the selected certificate template'; and when trying to create a new certificate, 'The certificate request could not be completed. The RPC server is unavailable'.

    I have tried several solutions, including editing the system policy and removing the 'Enforce strict RPC compliance' setting; creating an allow rule which allows all RPC communications on the internal network; and also I have also changed security settings in 'component services > Computers > My Computer > Properties > COM security' (sorry for vagueness, but I was just following instructions on a webpage) on both ISA and CA servers. None of these solutions worked.

    I have only limited knowledge of both ISA and certificates, so if you have any advice please do treat me like a child

    Thanks for your site, it's helped me immensely over the last year,
    Rick.

  • #2
    Re: Cannot renew certificate on ISA server

    Renew the Certificate from the Website (on IIS?).
    Export that certificate on the box and import it on the ISA server.

    reported for movement to security.
    Marcel
    Technical Consultant
    Netherlands
    http://www.phetios.com
    http://blog.nessus.nl

    MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
    "No matter how secure, there is always the human factor."

    "Enjoy life today, tomorrow may never come."
    "If you're going through hell, keep going. ~Winston Churchill"

    Comment


    • #3
      Re: Cannot renew certificate on ISA server

      Hi,
      Thanks for the reply. I think I have now got it working. As I say I am a complete beginner at certificates, so I'm not sure if I've properly understood how it works.

      So our website is located on the CA server, and not the ISA one. This website has it's own certificate, issued to it (under IIS) as it's local name (IONA). Then for people to access this site outside of the school, we have set up a ISA rule which allows access via the website 24hrschool.brentford.hounslow.sch.uk and this has its own certificate.

      I have exported a certificate I found on IONA (hosts internal site) that was for 24hrschool.brentford.hounslow.sch.uk to our ISA server. I then imported this via the local certificates MMC, and used this certificate within ISA. It seems to be working fine now, is that ok? Sorry if that's confusing.

      If anyone has any advise for getting the certificates to renew on the ISA though, I'd be grateful.
      Rick.

      Comment


      • #4
        Re: Cannot renew certificate on ISA server

        sounds good
        Marcel
        Technical Consultant
        Netherlands
        http://www.phetios.com
        http://blog.nessus.nl

        MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
        "No matter how secure, there is always the human factor."

        "Enjoy life today, tomorrow may never come."
        "If you're going through hell, keep going. ~Winston Churchill"

        Comment


        • #5
          Re: Cannot renew certificate on ISA server

          OK, thanks again. I'll check it again tonight from home so that I know there's no conflict with viewing the site with my work credentials.

          Do you think it's the ISA firewall blocking me renewing the certificate direct from the ISA server, or perhaps a COM issue?

          Comment


          • #6
            Re: Cannot renew certificate on ISA server

            Here is a procedure about it.
            ISA won't block it.

            http://www.isaserver.org/articles/exportsslcert.html
            Marcel
            Technical Consultant
            Netherlands
            http://www.phetios.com
            http://blog.nessus.nl

            MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
            "No matter how secure, there is always the human factor."

            "Enjoy life today, tomorrow may never come."
            "If you're going through hell, keep going. ~Winston Churchill"

            Comment

            Working...
            X