For those who think they can install a CNG (V3) Certificate on the new ISA server, Forefront Threat Management Gateway 2010, think again!
Yuri Diogenes's Blog (on TechNet) explains some further details on this matter:
Today I was assisting a friend of mine here from the TMG team who was facing this issue, the same issue that was also mentioned on this thread. The problem was happening when using Cryptography Next Generation (CNG), also called V3: TMG was not recognizing the private key and was showing this error message. This is a known issue because TMG (and ISA) don’t support CNG (V3 Certificates). This is well documented in the unsupported documentation here:
Forefront TMG does not support CNG certificates
Issue: Forefront TMG does not support the use of certificates created using CNG (Certificate New Generation) based templates for Web listeners or as client certificate authentication in Web publishing or Web chaining rules.
Cause: CNG certificates are not usable by Forefront TMG.
Workaround: Create certificates using Windows 2000 or Windows 2003 templates.
From: http://technet.microsoft.com/en-us/library/ee796231.aspx#dfg9o9i8uuy6tre
Again, make sure to read this unsupported document before deploying TMG; there you will find the official statement from the TMG Product Team about what is supposed to work and what is not.
Source: Incorrect Key Type when Creating a Web Lister on TMG using V3 Certificate
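
One way to check, before binding a certificate to a Web listener, whether its private key is held by a CNG provider. This is an added example, not code from the original post or from Microsoft. `Get-CertKeyStorage` is a hypothetical helper name, the sample output is constructed, and the `certutil -v -store My` layout it parses (with `ProviderType = 0` for CNG keys) is an assumption about that tool's output.

```powershell
# Added example. Get-CertKeyStorage is a hypothetical helper, not a built-in cmdlet.
# It classifies each certificate in 'certutil -v -store My' output by key provider.
function Get-CertKeyStorage {
    param([string[]]$CertutilOutput)

    $cur = $null
    foreach ($line in $CertutilOutput) {
        if ($line -match '^=+ Certificate (\d+) =+') {
            if ($cur) { $cur }          # emit the previous certificate
            $cur = New-Object PSObject -Property @{
                Index = [int]$Matches[1]; Thumbprint = $null
                Provider = $null; KeyStorage = 'NoKeyProviderInfo'
            }
        }
        elseif ($null -eq $cur) { continue }
        elseif ($line -match '^Cert Hash\(sha1\):\s*(.+)$') {
            $cur.Thumbprint = ($Matches[1] -replace '\s', '').ToUpper()
        }
        elseif ($line -match '^\s*Provider = (.+)$') {
            $cur.Provider = $Matches[1].Trim()
        }
        elseif ($line -match '^\s*ProviderType = ([0-9a-f]+)\s*$') {
            # Assumption: certutil prints the type in hex; 0 means a CNG provider.
            $type = [Convert]::ToInt32($Matches[1], 16)
            if ($type -eq 0) { $cur.KeyStorage = 'CNG' } else { $cur.KeyStorage = 'LegacyCSP' }
        }
    }
    if ($cur) { $cur }                  # emit the last certificate
}

# Constructed sample output (thumbprints and container names are made up).
$sample = @'
================ Certificate 0 ================
Cert Hash(sha1): 00 11 22 33 44 55 66 77 88 99 aa bb cc dd ee ff 00 11 22 33
  CERT_KEY_PROV_INFO_PROP_ID(2):
    Key Container = constructed-container-0
    Provider = Microsoft RSA SChannel Cryptographic Provider
    ProviderType = c
================ Certificate 1 ================
Cert Hash(sha1): ff ee dd cc bb aa 99 88 77 66 55 44 33 22 11 00 ff ee dd cc
  CERT_KEY_PROV_INFO_PROP_ID(2):
    Key Container = constructed-container-1
    Provider = Microsoft Software Key Storage Provider
    ProviderType = 0
'@ -split "`r?`n"

# On a live server, pass real output instead: Get-CertKeyStorage (certutil -v -store My)
Get-CertKeyStorage $sample | Select-Object Index, Thumbprint, Provider, KeyStorage
```

A certificate reported as `CNG` is the kind the quoted documentation says TMG cannot use for Web listeners; the documented workaround is to reissue it from a Windows 2000 or Windows 2003 template.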