We have recently renewed a Thawte SSL Web Server Certificate. After installing on the Web Server (Windows Server 2003), the certificate works fine if I publish directly to the server through ISA 2006.

However, we are required to use a Web Listener with ISA to publish our web server. I had exported the SSL certificate from the web server and installed on the ISA server as we usually have in previous years during the renewal process. This rule worked fine with the old certificate that was about to expire, but with the new certificate, when clients connect to the website they get a warning about the certificate that states "This certificate cannot be verified up to a trusted certification authority."

When I view the certification path on the client, it shows only www.mydomain.ca and no other CA in the certification path.

This happens with IE, Chrome, Safari, etc. Firefox did not seem to have this issue.

I found a similar thread on the ISAServer.org forums here: http://forums.isaserver.org/Certificate_problems_after_renewal/m_2002102813/tm.htm

I'm wondering if anyone has had a similar issue themselves and found a solution?

JoshODBrown

2 Answers

After verifying that the intermediate CAs were installed correctly, our best guesses were that maybe a reboot on the ISA Server would help fix the chaining issue. I was finally able to schedule a brief outage tonight to do the reboot, and Bingo! Everything is working correctly now.

Used this Thawte KB article to verify the CAs that needed to be installed, and one that needed to be disabled. This can be used for ISA Server as well: https://search.thawte.com/support/ssl-digital-certificates/index?page=content&id=SO15171&actp=search&viewlocale=en_US&searchid=1282614432001

Cheers!

JoshODBrown
  • A step by step procedure on how to install the intermediate certificates: [link](http://davidmtechblog.blogspot.com.br/2013/05/exchange-2007-sp3-isa-publish-owa.html) – Adriano P Jan 21 '14 at 05:05

I can't provide detailed recommendations for ISA 2006. Nevertheless, it sounds like the root certificate chain is not up to date for the issuing CA for your Thawte certificate. I suspect Thawte could provide more detailed support.

Warner
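
The chaining failure discussed in this thread can be reproduced offline. The following is an added example, not part of the original posts: it builds a constructed root, intermediate and leaf with the `openssl` command-line tool and shows that the leaf verifies only when the intermediate is supplied with it. All names and paths are made up, and it assumes `openssl` is installed.

```shell
#!/usr/bin/env bash
# Added example: constructed throwaway PKI (root -> intermediate -> leaf).
# All names are made up for the demonstration; nothing here is Thawte's.
set -eu

build_pki() {  # $1 = empty working directory
    local d=$1
    printf '%s\n' '[req]' 'distinguished_name = dn' 'prompt = no' \
        '[dn]' 'CN = unused' \
        '[ca]' 'basicConstraints = critical,CA:TRUE' > "$d/pki.cnf"
    # Self-signed root CA
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -config "$d/pki.cnf" \
        -extensions ca -subj '/CN=Constructed Root CA' \
        -keyout "$d/root.key" -out "$d/root.crt" 2>/dev/null
    # Intermediate CA, signed by the root
    openssl req -new -newkey rsa:2048 -nodes -config "$d/pki.cnf" \
        -subj '/CN=Constructed Intermediate CA' \
        -keyout "$d/int.key" -out "$d/int.csr" 2>/dev/null
    openssl x509 -req -in "$d/int.csr" -days 2 -CA "$d/root.crt" \
        -CAkey "$d/root.key" -CAcreateserial -extfile "$d/pki.cnf" \
        -extensions ca -out "$d/int.crt" 2>/dev/null
    # Server (leaf) certificate, signed by the intermediate
    openssl req -new -newkey rsa:2048 -nodes -config "$d/pki.cnf" \
        -subj '/CN=www.example.test' \
        -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null
    openssl x509 -req -in "$d/leaf.csr" -days 2 -CA "$d/int.crt" \
        -CAkey "$d/int.key" -CAcreateserial -out "$d/leaf.crt" 2>/dev/null
}

# Succeeds only if the leaf chains up to the trusted root.
# $1 = trusted root, $2 = leaf, $3 = optional file of intermediates sent with it
chain_ok() {
    if [ -n "${3:-}" ]; then
        openssl verify -CAfile "$1" -untrusted "$3" "$2" 2>&1 | grep -q ': OK$'
    else
        openssl verify -CAfile "$1" "$2" 2>&1 | grep -q ': OK$'
    fi
}

work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT
build_pki "$work"
if chain_ok "$work/root.crt" "$work/leaf.crt"; then
    echo "leaf only: verified"
else
    echo "leaf only: cannot be verified up to a trusted root"
fi
if chain_ok "$work/root.crt" "$work/leaf.crt" "$work/int.crt"; then
    echo "leaf + intermediate: verified"
fi
```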