After the Certificate and the Private key file (.pfx) has been exported, the certificate must be imported to the ISA's Personal certificate store.
Create an MMC Snap-in for Managing Certificates
- From the Web server, click Start > Run
- In the text box, type mmc
- Click OK
- From the Microsoft Management Console (MMC) menu bar, select File > Add/Remove Snap-in
- Click Add
- From the list of snap-ins, select Certificates
- Click Add
- Select Computer account
- Click Next
- Select Local computer (the computer this console is running on)
- Click Finish
- In the snap-in list window, click Close
- In the Add/Remove Snap-in window, click OK
Import the Certificate with Private Key
- Open the Microsoft Management Console (MMC).
- On the left pane, click Certificates.
- On the right pane, double-click Personal.
- On the right pane, right-click Certificates and select All Tasks > Import (this opens the Certificate Import Wizard). Click Next.
- Browse to the certificate that you want to import and click Next.
- Enter the password used to secure the certificate for export and then click OK.
- To export the certificate again from this computer, select Mark the key as exportable.
- Select the option Automatically select the certificate store based on the type of certificate. (This ensures all the certificates in the certification path (Root, Intermediate, and Server) are stored in the proper place. Problems may occur if a certificate is placed in the wrong store.) Click Next.
- Click Finish. A message confirms successful import. Click OK.
Assigning the certificate on the ISA server
Open the ISA Manager and complete the SSL installation.
- Right-click the server that is going to accept the incoming connection, and then click Properties.
- Click the Incoming Web Requests tab.
- Click the Internet Protocol (IP) address entry for the site that will be hosted, or the all IP addresses entry if individual IP addresses have not been set up.
- Click Edit.
- Select the Use a server certificate to authenticate to web users check box.
- Click Select.
- Select the previously imported certificate.
- Click OK.
- Select the Enable SSL listeners check box.
- Expand the Publishing folder, and then click Web Publishing Rules.
- Double-click the Web publishing rule that will route the SSL traffic.
- On the Bridging tab, locate Redirect SSL requests as, and then select HTTP requests (terminate the secure channel at the proxy).
- Click OK.
- Restart the ISA Server.