OWA 2007 on Server 2008 publishing through ISA 2006
To start with AAAAAAAAAAAAAAAAAHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHH. OK, now that that is out of the way, here is my scenario: new install of Exchange 2007 SP1 on a Server 2008 box, with the hub, mail, and client roles installed on it. ISA 2006 with all updates installed on a Server 2003 SP2 box. I am having a heck of a time getting OWA to publish correctly. I think my biggest issue is that our DNs are different externally and internally. External is ABCD.com and internal is alphabetacharliedelta.org. I'm creating the certificate like so:

    New-ExchangeCertificate -GenerateRequest -SubjectName "DC=alphabetacharliedelta, DC=org, O=alphabetacharliedelta, CN=mail.ABCD.com" -DomainName mail.ABCD.com, smtp.ABCD.com, autodiscover.ABCD.com, ABCD.com, exc2007.alphabetacharliedelta.org, lrcrems -FriendlyName "mail" -PrivateKeyExportable $true -Path c:\mailcert7.req

Yes, that's attempt #7 ...... after I started keeping track. I make the cert with an internal CA and assign it to the Exchange 2007 box with no issues. Export the cert and private key onto the ISA 2006 box and everything seems fine and no yellow ! on the cert. Try to connect from external and receive a 500 error - The target principal name is incorrect. On ISA I see:

    Log type: Web Proxy (Reverse)
    Status: 0x80090322
    Rule: OWA 2007
    Source: External (75.xxx.xxx.xxx)
    Destination: (10.0.0.xxx:443)
    Request: GET http://mail.ABCD.com/owa
    Filter information: Req ID: 175cb5d6; Compression: client=Yes, server=No, compress rate=0% decompress rate=0% ; FBA cookie: exists=yes, valid=yes, updated=no, logged off=no, client type=public, user activity=yes
    Protocol: https
    User: alphabetacharliedelta\johndoe
    Client agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.0.04506; Tablet PC 2.0; .NET CLR 1.1.4322; InfoPath.2; MS-RTC LM 8)
    Object source: Internet (Source is the Internet. Object was added to the cache.)
    Cache info: 0x0
    Processing time: 15
    MIME type:

Now I can see that the GET request is HTTP?????? (but the names are right!!) Can anyone enlighten me as to what I am doing wrong, please?
May 2nd, 2008 9:10pm

http://www.microsoft.com/technet/isa/2006/deployment/exchange.mspx

Do you have multiple names (SAN) on the internal cert? ISA has an issue with this:
http://blogs.technet.com/isablog/archive/2007/08/29/certificates-with-multiple-san-entries-may-break-isa-server-web-publishing.aspx
May 4th, 2008 2:08pm

No multiple names except autodiscover.abcd.com. As far as I can tell from the numerous deployment pages, everything is correct. The only thing that I can see is that ISA 2006 refuses to redirect to https; instead it is trying to resolve to http no matter what certificate I put in. This is the last cert I tried:

    New-ExchangeCertificate -GenerateRequest -SubjectName "DC=com,dc=ABCD,O=Alpa Beta Charlie Delta,CN=mail.abcd.com" -DomainName mail.abcd.com, exch2007,exch2007.alphabetacharliedelta.org, autodiscover.abcd.com -PrivateKeyExportable $true -Path c:\mailcert10.req
May 5th, 2008 5:33pm

ISA is connecting to IIS with the name on the To tab on the publishing rule. This name must be the CN on the cert and it must also be the first subject alternate name listed, as described in the link provided in my last post. In your case it's mail.abcd.com
May 7th, 2008 9:11pm
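
The check described in the reply above, as an added PowerShell example that is not part of the original thread: it reads an exported certificate and reports whether the subject CN and the first subject alternative name both equal the name on the publishing rule's To tab. The file path and parameter names are assumptions, and the "DNS Name=" text is what an English-language Windows prints for SAN entries.

```powershell
# Added example: compare a certificate's CN and first SAN entry with the name
# ISA uses to reach the published server (the "To" tab of the publishing rule).
param(
    [string]$CertPath  = 'C:\mailcert.cer',   # hypothetical path to the exported public cert
    [string]$ToTabName = 'mail.abcd.com'      # To-tab name given in the thread
)

$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $CertPath

# Common name taken from the certificate subject.
$cn = $cert.GetNameInfo(
    [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName, $false)

# Subject Alternative Name extension (OID 2.5.29.17), kept in certificate order.
$sanExt   = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
$sanNames = @()
if ($sanExt) {
    # Format($true) prints one entry per line, e.g. "DNS Name=mail.abcd.com".
    $sanNames = @($sanExt.Format($true) -split "`r?`n" |
        Where-Object { $_ -match '^\s*DNS Name=' } |
        ForEach-Object { ($_ -replace '^\s*DNS Name=', '').Trim() })
}

# -eq on strings is case-insensitive, which matches how DNS names compare.
$cnOk       = $cn -eq $ToTabName
$firstSanOk = ($sanNames.Count -gt 0) -and ($sanNames[0] -eq $ToTabName)

"Subject CN                    : $cn"
"SAN entries (in order)        : $($sanNames -join ', ')"
"CN matches To-tab name        : $cnOk"
"First SAN matches To-tab name : $firstSanOk"

if (-not ($cnOk -and $firstSanOk)) {
    # 0x80090322 is the status shown in the ISA log entry quoted in the thread.
    Write-Warning "Name mismatch: ISA may fail the back-end connection with status 0x80090322."
}
```

Run it against the certificate bound to the Exchange/IIS site, since that is the certificate ISA validates when it connects with the To-tab name.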
