Microsoft ISA 2000 Server

Instructions to install certificates on Microsoft ISA 2000 Server

You must first export the SSL certificate of the IIS 4.x / IIS 5.x / IIS 6.x Web site with the associated Private Key. If you do not have this key, ISA server will not allow you to use this certificate for SSL:



NOTE: If you do not have the option to export the Private key then the private key has already been exported to another computer or the key never existed on this computer. You cannot use this certificate on ISA Server. You must request a new certificate for this site for ISA Server.



NOTE: Ensure that you keep the file safe the SSL protocol depends upon this file.

Copy the file that you created to ISA Server.


On the ISA Server, open the MMC:

Now you will need to import the root and intermediate certificates.


On the Microsoft ISA Server:



To install the UTN-USERFirst-Hardware.crt Certificate:


To install the Digi-SignCADigi-SSLXp.crt or Digi-SignCADigi-SSLXs.crt:



Important: You must now restart the computer to complete the install.

Under the Personal folder, when a subfolder called 'Certificates' is displayed, click "Certificates" and verify that there is a certificate with the name of the Web computer.

Right-click the certificate and then click Properties.

If the 'Intended Purposes' field of the certificate is set to 'All' rather than a list of specific purposes, the following steps must be followed before ISA Server can recognize the certificate:

In the Certificate Services snap-in, open the Properties dialog box of the relevant certificate. Change the Enable all purposes for this certificate option to the Enable only the following purposes option, select all of the items, and then click Apply.


Open the ISA Manager and complete the SSL install:



Restart ISA Server.