locked
Update an SSL Certificate on an ISA server RRS feed

  • Question

  • We have a Windows Server running Oracle Web Server.  It hosts an HTTPS page.  That page is presented through an ISA server.  Our SSL certificate is about to expire.  Since I wasnt the one who originally set this up, I dont know the process.  It looks to me like the certificate lives on the ISA server, and I dont need to do anything on the windows with oracle server.  If that is the case, do I simply open up Certificates in an MMC and import the renewed certificate, then activate it within ISA?
    Friday, March 23, 2012 8:07 PM

Answers

  • I'm sorry, but none of the above is accurate.  To begin with, you do have to add your new certificate in the Certificates MMC on the ISA server.  However, it is important to note that you have to import a full keypair file.  In order to do this, you have to create a CSR request on any server.  Once completed you have to apply the new certificate and its associated bundle to the generating server.  Now that it has a full certificate, you have to export the certificate as a PCX file.  Now you can import it on to the ISA server and use it for the web site being presented.

    Second, you do not have to even have the certificate on the web server.  In this case, nobody knew how to open the key locker on the oracle server.  Instead I did the above steps on IIS within a Windows XP virtual machine.  Everything worked fine.


    • Marked as answer by The Phoenix Monday, March 26, 2012 2:33 PM
    • Edited by The Phoenix Monday, March 26, 2012 2:34 PM
    Monday, March 26, 2012 2:33 PM

All replies

    • Proposed as answer by Meinolf Weber Saturday, March 24, 2012 11:36 AM
    Friday, March 23, 2012 9:45 PM
  • Hi,

    Yes, about the SSL certificate on ISA server. You could open up certificates in MMC and replace the expired certificate with the new certificate.

    However, we also need to make sure that the certificate on Windows Server running Oracle Web Server should agree with the certificate on ISA server.

    In short, certificate on both servers should agree with each other.

    Regards,
    James


    James Xiong

    TechNet Community Support

    Monday, March 26, 2012 9:13 AM
  • I'm sorry, but none of the above is accurate.  To begin with, you do have to add your new certificate in the Certificates MMC on the ISA server.  However, it is important to note that you have to import a full keypair file.  In order to do this, you have to create a CSR request on any server.  Once completed you have to apply the new certificate and its associated bundle to the generating server.  Now that it has a full certificate, you have to export the certificate as a PCX file.  Now you can import it on to the ISA server and use it for the web site being presented.

    Second, you do not have to even have the certificate on the web server.  In this case, nobody knew how to open the key locker on the oracle server.  Instead I did the above steps on IIS within a Windows XP virtual machine.  Everything worked fine.


    • Marked as answer by The Phoenix Monday, March 26, 2012 2:33 PM
    • Edited by The Phoenix Monday, March 26, 2012 2:34 PM
    Monday, March 26, 2012 2:33 PM