Custom Certificate Request


This is just for my own reference: a link for creating a custom certificate for my TMG, which does reverse proxy for Lync.

I always forget the site and have a hard time finding it again, so I prefer to keep it saved on my blog.


Exchange Server 2007 SP1 and ISA Server 2006 SP1 (Continued…)

Continuing the discussion from the previous post.

Besides publishing the firewall policy for SMTP port 25, I need to publish Outlook Web Access 2007 (OWA) using the Mail Publishing Wizard in ISA Server. This rule is straightforward. Before that, I must make the OWA URL resolve on the internal network so that users can easily remember it when they browse to or open their mail using OWA. I prefer to use . This domain resolves to my Client Access Server that runs OWA, which I need to configure on my internal DNS server.

Then, I need to create an OWA certificate to be installed on the IIS site of OWA 2007, which is on the Client Access Server role, and make sure no security warning pops up when opening the OWA URL (

Example of publishing a certificate request with a PowerShell command:

Certificate request saved to a text (.txt) file

Note: You need to install Certificate Services in order to issue the certificate, usually through the browser at http://yourCAserver/certsrv. After issuing the certificate, which you save at the end as “certnew.cer”, you need to install it on your OWA website in IIS.

After that, I export the certificate, including the private key.

You need to set the private key as you prefer and click Next until the wizard finishes. This certificate is important because ISA Server will ask for it later.

Publishing the mail rule policy is really straightforward. You need to have the certificate above in the Personal folder of the certificate store and, as I said earlier, you need to include the private key, because the web listener you create while going through the OWA publishing rule wizard will use it.

After that, test the firewall policy using the Test Rule button.

Finally, try to telnet to SMTP port 25 from a public IP address.

Overview of Publishing OWA 2003 in ISA Server 2006 SP1

Publishing OWA 2003 in ISA Server 2006 SP1 is easy and straightforward. However, what does a beginner need in order to publish OWA 2003? Of course, the one thing we need to do is import the Outlook Web Access certificate into the ISA server. The most common mistake is renewing the OWA certificate. Actually, we don’t need to renew the certificate. The only thing to do is export the current certificate to a .pfx file. How do you do that?

On Exchange Server:

  • Go to your front-end Exchange server, or your single Exchange server, where you set OWA FBA.
  • Open Internet Information Services and locate your Exchange default website.
  • Right-click it, choose Properties and go to Directory Security.
  • Click the Server Certificate button, then click Next to start the wizard.
  • Choose “Export the current Certificate to a .pfx file”. Click Next.
  • Enter the path and filename you want to save to, for example C:\owacertificate.pfx
  • Set the password, confirm it, and click Next until finished.

After that, import “owacertificate.pfx” into your ISA Server. Remember to import the certificate into “Personal”. Otherwise, when you try to publish the Exchange Client Access rule, the ISA server will not see your owacertificate. Please make sure you import the certificate into the Personal folder.
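One way to check the export and the import before creating the web listener, as an added example that is not part of the original post. It assumes Windows PowerShell 2.0 or later is available on the ISA server and is run elevated there; `mail.example.com` is a placeholder for your public OWA name, and the function name is hypothetical.

```powershell
# Added example. $PfxPath and $PublicName are placeholders, not values from the post.
param(
    [string]$PfxPath    = 'C:\owacertificate.pfx',
    [string]$PublicName = 'mail.example.com'
)

function Test-ListenerCertificate($Cert, [string]$Name) {
    $problems = @()
    # A .cer-only import lands in the store without a key and cannot serve a listener.
    if (-not $Cert.HasPrivateKey) { $problems += 'no private key attached' }
    $now = Get-Date
    if ($now -lt $Cert.NotBefore -or $now -gt $Cert.NotAfter) {
        $problems += "outside validity period ($($Cert.NotBefore) to $($Cert.NotAfter))"
    }
    # Collect the subject CN plus any Subject Alternative Name entries (OID 2.5.29.17).
    $nameType = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
    $names = @($Cert.GetNameInfo($nameType, $false))
    foreach ($ext in $Cert.Extensions) {
        if ($ext.Oid.Value -eq '2.5.29.17') {
            # Windows renders entries as "DNS Name=host"; this label is locale-dependent.
            $names += ($ext.Format($false) -split ',\s*') -replace '^DNS Name=', ''
        }
    }
    # Exact match only; wildcard names are not evaluated here.
    if ($names -notcontains $Name) {
        $problems += "name '$Name' not in certificate ($($names -join ', '))"
    }
    return $problems
}

# 1. The exported file: does it carry the private key and the expected name?
$password = Read-Host "Password for $PfxPath" -AsSecureString
$pfx = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($PfxPath, $password)
$fileProblems = @(Test-ListenerCertificate $pfx $PublicName)

# 2. The computer account's Personal store: is the same certificate there, with its key?
$stored = Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.Thumbprint -eq $pfx.Thumbprint }
if (-not $stored) {
    $storeProblems = @('not present in Cert:\LocalMachine\My (Personal, computer account)')
} else {
    $storeProblems = @(Test-ListenerCertificate $stored $PublicName)
}

"PFX file : " + $(if ($fileProblems)  { $fileProblems  -join '; ' } else { 'OK' })
"Store    : " + $(if ($storeProblems) { $storeProblems -join '; ' } else { 'OK' })
```

A certificate that was imported into the current user's Personal store rather than the computer's, or imported from a .cer without its key, shows up here as a store problem even though the PFX file itself checks out.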

Then, create your OWA publishing rule. For the OWA publishing rule to work, your internal DNS server plays a role as well as your public DNS. For example, if the public domain is “”, you need to resolve the domain to a certain IP address, and your internal DNS should also work properly so that the FQDN points to the correct internal domain in accordance with your OWA publishing. Have a read on split DNS. This link should solve your problems.

See you next time on a similar topic.