Microsoft Internet Security & Acceleration (ISA)


About the ISA Server

There is no need to create a CSR on the Microsoft ISA server itself. The recommended procedure is to create the CSR on your actual webserver and install the certificate there. From there, you can export the certificate and import it into the ISA server.

Since many customers with ISA also use IIS, follow these three sets of documentation to install your certificate on the ISA server:

  • Create a CSR on Microsoft IIS
  • Install an SSL Certificate on Microsoft IIS
  • Export the certificate from IIS and import into ISA
    Export From IIS: Open IIS Manager and select the server that you will be exporting the certificate from. In the middle window pane, select Server Certificates. Select a certificate and click Export from the Actions pane. In the export certificates dialog box, type the filename and type a password in the password box.

    Import to ISA: Copy the PFX from your IIS Server and save it on the ISA Server. Go to the Start menu, click Run, type MMC and press Enter. In the File menu, choose "Add/Remove Snap-in".

    Click Add, then double-click Certificates, choose Computer Account, then Finish. Click "Close" and then "OK". Expand the Certificates node, then expand the Personal node beneath it.

    In the right pane, right click anywhere in the empty space. Choose All Tasks and then Import.

    When the Certificate Import Wizard starts, click "Next". When it asks for your PFX, click browse and navigate to where you saved it on the ISA server. You may need to press the drop down box and choose PFX format so that you can see your PFX. Press "Next".

    Type the password that you gave when you created the PFX. We recommend checking the "Mark this key as exportable" option so that you can export it later. Press "Next". In the next screen, "Place all certificates in the following store" should be selected, and below it, the Personal node should also be selected. Press "Next". Press "Finish" on the next screen and your certificate has been successfully imported.

    Creating an SSL listener

    If you already have a listener configured with a certificate from Trustwave® or another provider, skip to the next section.

    Open the ISA Manager and right-click the server which will need to accept SSL connections. Choose "Properties" and then click the "Incoming Web Requests" tab. Click the Internet Protocol (IP) address entry for the site that you are going to host. If you do not have individual IPs set, then choose "all IP addresses". Click Edit, and click "Use a server certificate to authenticate web users". Then click "Select", choose the certificate that you just imported, and then click "OK". Click "Enable SSL Listeners" so that it is checked.

    If you want to use SSL bridging, you can move on to the next step now. SSL bridging means that incoming requests over HTTPS will reach ISA and then ISA will communicate over HTTPS with your web server on the back-end.

    If you want the HTTPS connection to terminate at the ISA server and allow the ISA server to communicate insecurely with the web server on the back-end, double-click the "Web Publishing Rule" that routes the SSL traffic. On the Bridging tab, choose the option to redirect SSL requests as "HTTP Requests". Click "OK".

    Completing the installation

    First, back up the PFX file which you created and used to export/import your certificate. This will come in handy if there is ever an issue on your web server or the ISA server.

    VERY IMPORTANT: To complete the installation, you must reboot the entire ISA server. Restarting the ISA service will not completely install your certificates. The entire server must be rebooted.
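
The import into the Personal store of the Computer Account described above can also be scripted. The following is an added example, not part of the original documentation: it uses the .NET X509Certificate2 and X509Store classes from PowerShell to confirm that the PFX carries a private key and is within its validity period before importing it. It assumes an administrator PowerShell session on the ISA server and a placeholder path, C:\certs\example-site.pfx.

```powershell
# Added example: validate a PFX exported from IIS, then import it into
# LocalMachine\My (the Personal store of the Computer Account).
param([string]$PfxPath = 'C:\certs\example-site.pfx')   # placeholder path (assumption)

$ErrorActionPreference = 'Stop'
$flagType = [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]
$certType = 'System.Security.Cryptography.X509Certificates.X509Certificate2'
$password = Read-Host -Prompt 'PFX password' -AsSecureString

# Pass 1: load without PersistKeySet so a rejected file leaves no key on disk.
$probe = New-Object $certType -ArgumentList $PfxPath, $password, ($flagType::DefaultKeySet)
try {
    $now = Get-Date
    # A certificate exported without its private key cannot serve an SSL listener.
    if (-not $probe.HasPrivateKey) {
        throw "No private key in $PfxPath; export it again from IIS as a PFX."
    }
    if ($now -lt $probe.NotBefore -or $now -gt $probe.NotAfter) {
        throw "Certificate is not valid now: $($probe.NotBefore) to $($probe.NotAfter)"
    }
    $thumb = $probe.Thumbprint
    "Subject:    $($probe.Subject)"
    "Expires:    $($probe.NotAfter)"
    "Thumbprint: $thumb"
} finally {
    $probe.Reset()   # release the temporary key material
}

# Pass 2: import for the computer account.
#   MachineKeySet : key belongs to the computer, not the logged-on user
#   PersistKeySet : key stays on disk after this script exits
#   Exportable    : same effect as "Mark this key as exportable" in the wizard
$flags = 'MachineKeySet, PersistKeySet, Exportable' -as $flagType
$cert  = New-Object $certType -ArgumentList $PfxPath, $password, $flags
$store = New-Object System.Security.Cryptography.X509Certificates.X509Store('My', 'LocalMachine')
$store.Open('ReadWrite')
try {
    $store.Add($cert)
    # Read the entry back to confirm the key pair landed in the store.
    $found = $store.Certificates | Where-Object { $_.Thumbprint -eq $thumb } |
             Select-Object -First 1
    if (-not $found -or -not $found.HasPrivateKey) {
        throw 'Import did not yield a certificate with a private key.'
    }
    "Imported $thumb into LocalMachine\My with its private key."
} finally {
    $store.Close()
}
```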

Working with webservers other than IIS

If you use ISA with a webserver besides IIS, please contact Trustwave® Support for additional instructions on how to move your certificate from your webserver to the ISA server.



Certificate Analyzer

Once you have completed your certificate installation you can use our instant online troubleshooter to verify your installation and help resolve problems.