ISA 2006 Certificate Private Key Handle Error
Private key handle error applying certificate in ISA2006

Question

Hi all,

I'm trying to create a reverse proxy for OCS by making a web site firewall policy in ISA 2006 but I'm stuck with a private key handle error with one of my certificates. I am able to import it as a valid certificate but once I would like to apply it on the listener in ISA I'm seeing the Private key handle error.

The strange thing is that when I import my certificate on the ISA server, and I open the MMC certificate console, it is recognised as a valid certificate. After importing it will be placed in the Personal folder of the Current User Certificates. So to make it selectable in the listener configuration I'm moving it to the Personal folder of the Local Computer Certificates. I was following all the steps on the following sites but I'm still stuck with the private key handle error.

http://www.microsoft.com/technet/isa/2004/plan/tscerts.mspx
http://forums.microsoft.com/Ocs2007publicbeta/ShowPost.aspx?PostID=1768874&SiteID=57

I have tried the following:

- creating and exporting the certificate from the IIS web server on the OCS machine, then importing it on the ISA machine
- exporting the private key with the certificate
- using the certificate wizard in OCS to create and export a certificate; this gives the same error in ISA
- using the right fully qualified name (subject name is public domain name, alternative name is internal OCS name) for the certificate

The strange thing is that
https://social.microsoft.com/Forums/en-US/ff3a2e63-7706-4b8a-932e-2fc7947c187c/privat-key-handle-error-applying-certificate-in-isa2006?forum=communicationsservercertificates

Certificate marked as invalid - private key not installed

https://social.technet.microsoft.com/Forums/forefront/en-US/b6f9f3fa-17d0-4ef5-9db3-0a24680bfa33/certificate-marked-as-invalid-private-key-not-installed?forum=Forefrontedgegeneral

Question

Hi

I have created a self signed cert using openssl and then converted the .key and .cer to .pfx. I need the cert for ssl over owa. I install the cert in local machine personal. When selecting a cert for the listener it shows as invalid with the reason that the private key is not installed. What am I missing here? (ISA 2006)

Thanks

Thursday, September 29, 2011 1:14 PM

Answers

That was it. Solution is not to run the install from the .pfx file but to go into mmc certificates and go to the store (local personal) and import the pfx into there. Why so touchy??

Thanks!

Marked as answer by bbnpa Thursday, September 29, 2011 3:24 PM

Thursday, September 29, 2011 3:24 PM

All replies

Hi,

please start the certificate MMC snap-in on the ISA Server, select the local machine certificate store, open the imported certificate and check if you get the message that you have a private key for the certificate. Alternately you can use SELFSSL from the IIS 6 Reskit to create a certificate or other tools. If you have an internal Windows CA you should use this CA to request a certificate for your ISA Server.

regards Marc Grote aka Jens Baier - www.it-training-grote.de - www.forefront-tmg.de - www.nt-faq.de

Thursday, September 29, 2011 2:19 PM

You cannot choose a certificate on the Listener unless it has a private key associated with it.

Thursday, Sept
http://blog.fuelip.com/2011/05/isa-2006-and-exchange-2010-owa-ssl-publishing/

I haven't seen a real need to upgrade to the newer TMG. The scenario is as follows:

- GoDaddy SSL Certificate Purchase
- Secure Exchange 2010 with certificate for OWA
- Publish OWA via ISA using HTTPS

GoDaddy has pretty good guides for downloading and installing the certificate into IIS7 (assuming you're running Exchange 2010 on Windows 2008).

When you try to publish the site using SSL via ISA 2006, ISA requires you to make it aware of the SSL certificate. This was not a requirement back in the day of ISA 2004. The world of IT seems to get more complicated with each revision.

If you import the SSL certificate onto the ISA 2006 server by just double-clicking on it, ISA still will not be able to see the certificate when you click on the Certificate tab for the Listener. The correct way to import the certificate is via the MMC console. Load up the MMC Console, and add the Certificate snap-in. Make sure you use Computer Account, and choose This Computer. The certificate needs to be imported into the Personal section.

Here is the important part. You need to import the certificate with the Private Key. How do you do this? If you don't, you'll probably have an error like:

Private key handle error
Private key not installed

See below…

Easy, go to Exchange Management Console on the server where you just imported the certificate. Do this by opening IIS, click on your server name on the left. Click on Server Certificates in the middle. Then click on Export on the right. This will allow you to export the GoDaddy Certificate you just purchased (or any other certificate for that matter), with a Private Key. You know when a private key is being exported because a password is needed. Save this certificate somewhere, and copy it to the ISA 2006 server.

Armed with a certificate with Private Key, we can now import it into the Certificate store.
Resuming from where we left off, right-click on the Personal certificate store, All Tasks, Import. Display all files (*.*), and select the certificate you just copied over. You will need to enter the password you set earlier. Click next and ensure the certificate is stored under Personal. Last step is to
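
The import described above (a PFX with its private key into the Personal store of the Local Computer), as an added PowerShell example that is not from any of the original posts. The PFX path is hypothetical, and the script assumes an elevated session with PowerShell 2.0 or later on the server.

```powershell
# Added example, not from the original posts. Imports a PFX into
# Local Computer\Personal and checks that the private key arrived with it.
param(
    [string]$PfxPath = 'C:\certs\owa.pfx'   # hypothetical path to the exported PFX
)

$password = Read-Host -Prompt 'PFX password' -AsSecureString

# MachineKeySet stores the key in the machine key container instead of the
# importing user's profile; PersistKeySet keeps it after this process exits.
$flags = [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]'MachineKeySet, PersistKeySet'

$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 `
    -ArgumentList $PfxPath, $password, $flags

# A file exported without the key (for example a plain .cer) loads fine but
# cannot be bound to a listener, so stop before touching the store.
if (-not $cert.HasPrivateKey) {
    throw "'$PfxPath' contains no private key. Re-export it with the private key included."
}

# 'My' is the store shown as "Personal" in the Certificates MMC snap-in.
$store = New-Object System.Security.Cryptography.X509Certificates.X509Store `
    -ArgumentList 'My', 'LocalMachine'
$store.Open('ReadWrite')
try {
    $store.Add($cert)

    # Read the certificate back from the store and report what was persisted.
    $store.Certificates |
        Where-Object { $_.Thumbprint -eq $cert.Thumbprint } |
        Select-Object Subject, Thumbprint, NotAfter, HasPrivateKey
}
finally {
    $store.Close()
}
```

A `HasPrivateKey` value of `True` in the output corresponds to the "You have a private key that corresponds to this certificate" message in the MMC snap-in.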