- Besides the certificate delivered for my organization, there was an "intermediate certificate" that I had to install on the Exchange server first. Therefore, we have to install two certificates on the ISA server: a) the intermediate certificate and the b) certificate issued to the organization. It is possible that other certificate authorities operate differently, in which case there may only be one certificate to install.
- Since I saved the intermediate certificate obtained from the certificate authority, I do not need to export it from the Exchange server. In the process described below, I will simply import it as I did on the Exchange server.
- Although the external domain name on my certificate ( mail.mydomain.net ) is that of a domain used solely for practice, I have proceeded as I usually would when posting "private" information on the Internet: the name has been erased.
- Lastly, the operations described below take place in the CERTMGR console. You access this console by typing "mmc" (without quotes) in the Start | Run box. You then add the Certificate Manager console, making sure to use the "Local Computer" option. The certificates in question should be placed in the local computer certificate store and not in the personal user store. I will make the assumption that the reader either knows how to perform this operation or is able to find the information online or elsewhere.
Assuming that the intermediate certificate is still available (we could export it from the Exchange server otherwise) there are 3 steps to the process:
- Export the organization's certificate from the Exchange 2007 server
- Import the intermediate certificate on the ISA 2006 server.
- Import the organization's certificate from the Exchange 2007 server
1. Export certificate from Exchange 2007 server
1.a - Export your certificate from the Exchange 2007 server (in the certificate manager console).
On the "Welcome" page, click "Next".
1.c Export extended properties.
1.d Enter a password to protect the private key. Click "Next" and "Finish" as needed.
2. Import the intermediate cert on the ISA 2006 server.
2.a On the ISA server, in the CERTMGR.MSC, browse to the "Certificates" subfolder of the "Intermediate Certification Authorities" parent folder. Select "All Tasks", then "Import":
2.b Browse to the location where you placed the intermediate certificate provided by the third party certification authority. You may have to select the "PKCS #7" option to see the certificate.
2.c Add the selected certificate to the Intermediate Certification Authorities store:
Click "Next" or "Finish" as needed.
3. Import the organization's certificate.
3.5 The imported certificate should now appear in the folder.