SSL certificate for 2nd Exchange OWA

5 pts.
Exchange security
ISA Server
Microsoft Exchange
Network Load Balancing
NLB cluster
Outlook Web Access
SSL Certificates
Hi all, Our external users access their email via I am adding a second owa server to our domain for redundancy. The nlb cluster established on the 2 owa servers works fine. In front of the OWA servers is an ISA server that connects to the internet. The ISA connects to OWA using SSL bridging. The first OWA server has a certificate installed for https access to email. My questions are: 1) On the new OWA server do I need to create and submit a new certification request to the CA ? Or can I just export the cert + private key from the first OWA server to the new one ? 2) On the ISA server, do I need to export the cert+private key from the new OWA server and import into ISA?

Answer Wiki

Thanks. We'll let you know when a new response is added.

There are special multi-server certificates. You will need to get a different kind of certificate for this use. And yes, the certificate will need to be imported on the ISA server.

Actually, looking at the URL you mention (/exchange) you’re dealing with Exchange 2003. The only certificate needed for this version of exchange is the actual IIS certificate. This certificate is requested from for example the first Exchange 2003 OWA server using the IIS admin interface. This request is either processed on your own internal PKI if you have one, or you sent it to an external trusted CA like Verisign or Comodo or any other available out there.
Once you get the certificate back (you have this already) you complete the Cerrtificate request on that same IIS server.
Once you have the certificate installed, you open MMC and in MMC you load the Certificate snap-in and connect to the local computer account.
In the Certificate Management console you see several certificate folders. Open the Personal\Certiicates folder. In there you see the certificate for your URL-cn “”. Right-click that cert and choose “All Tasks –> Export”. Export the certificate including the private key. On the next screen choose to “include all certificates in the certification path if possible”. You can choose (recommendded) to password protect the exported certificate.

Once you have the exported PFX file, copy that file to your second OWA and your ISA server(s).
Open the MMC on these servers and install that exported certificate into each computer’s local, personal certificate store.
Once installed/imported into the local personal store you can install that certificate in IIS on the second OWA server using the IIS Management Console.
On the ISA Server you can now create a OWA Pulishing rule and create a listener for your OWA requests. On that listener you can choose to require SSL and select the installed certificate.

I hope this helps you to complete your task.

Discuss This Question:  

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

Thanks! We'll email you when relevant content is added and updated.


Share this item with your network: