none
Expiring Certificate in Threat Management Gateway workgroup configuration

    Question

  • Can someone point me to documentation on how to renew a expiring certificate in a Threat Management Gateway in an workgroup configuration.   The certificate is tied to the ISASTGCTL service.

    Thanks in advanced.

    Friday, May 03, 2013 1:56 PM

All replies

  • Hi,

    you can use the ISACERTTOOL to renew the certificate on the TMG Server:
    http://www.microsoft.com/en-us/download/details.aspx?id=20136
    http://tmgblog.richardhicks.com/2009/03/05/isa-server-2006-workgroup-deployment-certificate-renewal/


    regards Marc Grote aka Jens Baier - www.it-training-grote.de - www.forefront-tmg.de - www.nt-faq.de

    Sunday, May 05, 2013 6:01 PM
  • Hi Marc,

    My client does not allow to use  ISACERTTOOL on their production environment . Is there any other way to renew server certificate on TMG forefront servers in workgroup deployment.

    I have 2 load balanced (NLB) TMG servers (one primary and other secondary node). Please share the steps that how to renew the expiring certificate on both of these servers. 

    Can a single certificate e.g server01.workgroupname.local which is issue by internal CA (with the same workgroup) can be installed on both the TMG servers or do i need to issue 2 different certificates for both the servers and then install them individually.

    your quick response is much appreciated. 

    Regards

    Lalit

    Wednesday, May 14, 2014 11:07 AM
  • You need to manually install the certificate then.

    See http://technet.microsoft.com/en-us/library/ee658148.aspx for install instructions and http://technet.microsoft.com/en-us/library/ee658141.aspx for creating the certificates.

    You need one server cert for each array member issued to the fqdn of the member it is supposed be installed on. You also need to make sure that root and enterprise (if applicable) ca are installed on all array members.


    Hth, Anders Janson Enfo Zipper

    Wednesday, May 14, 2014 11:54 AM
  • Thanks a Lot Anders but I could not understand "one server cert for each array member issued to the fqdn of the member" . Does it mean

    1 . different certificate for each array member (i.e server01.workgroup.local for server01 and server02.workgroup.local for server02)?    

                            OR

    2. Single server certificate (server01.workgroup.local) for both the servers. server01 in the primary member of the array.

    I am asking this because at present I can see that there is same server certificate present (i,e server01.workgroup.local) on both the servers under ADAM_ISASTGCTRL\personal certificate store.

    could you please throw some light on it.

    Thanks and regards

    Lalit

    Wednesday, May 14, 2014 12:26 PM
  • Option 1

    Hth, Anders Janson Enfo Zipper

    Thursday, May 15, 2014 12:56 PM
  • Thanks a Lot Anders.. :-)

    Wednesday, May 21, 2014 10:17 AM