Tuesday, July 30, 2013

Microsoft Forefront TMG 2010 invalid certificate

In this case, Forefront TMG 2010 was installed on Windows Server 2008 R2, and for a web publishing rule, a server certificate from a public CA was installed in the local machine store. The certificate request was created in mmc using a custom certificate request. The private key was successfully associated with the certificate, but the TMG console showed the certificate as invalid, with an incorrect key type.

The cause of this behavior is that, on the Custom request page of the custom certificate request wizard, a CNG key was chosen for the template instead of a Legacy key. Forefront TMG does not support certificates created with CNG: http://technet.microsoft.com/library/ee796231.aspx?lc=1031#dfg9o9i8uuy6tre.

Another important point worth noting: on the Private Key tab, the Key type option must be set to Exchange instead of the default, Signature.

Step-by-step instructions for creating a certificate request using mmc can be found in one of my previous posts: http://vstepic.blogspot.com/2011/12/how-to-request-san-certificate-using.html.
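To check an installed certificate for the two conditions described above (Legacy key rather than CNG, and Exchange key type rather than Signature), the following is an added example and not part of the original post. The function name `Get-CertKeyInfo` and the output column names are hypothetical; it assumes an elevated Windows PowerShell session on the TMG server.

```powershell
# Added example: report key storage and key type for certificates in LocalMachine\My.
function Get-CertKeyInfo {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)

    $provider = $null
    $keyType  = $null
    $storage  = 'Unknown'

    if (-not $Cert.HasPrivateKey) {
        $storage = 'No private key'
    } else {
        try {
            # Legacy CryptoAPI (CSP) keys expose CspKeyContainerInfo.
            $key = $Cert.PrivateKey
            if ($key -and $key.CspKeyContainerInfo) {
                $info     = $key.CspKeyContainerInfo
                $storage  = 'Legacy CSP'
                $provider = $info.ProviderName
                $keyType  = $info.KeyNumber.ToString()   # Exchange or Signature
            } else {
                $storage = 'CNG (or key not accessible)'
            }
        } catch {
            # On Windows PowerShell, CNG-backed keys typically fail here
            # with "Invalid provider type specified".
            $storage = 'CNG (or key not accessible)'
        }
    }

    New-Object PSObject -Property @{
        Subject           = $Cert.Subject
        Thumbprint        = $Cert.Thumbprint
        KeyStorage        = $storage
        Provider          = $provider
        KeyType           = $keyType
        # True only when both conditions from the post are met.
        LegacyExchangeKey = ($storage -eq 'Legacy CSP' -and $keyType -eq 'Exchange')
    }
}

Get-ChildItem Cert:\LocalMachine\My |
    ForEach-Object { Get-CertKeyInfo $_ } |
    Select-Object Subject, Thumbprint, KeyStorage, Provider, KeyType, LegacyExchangeKey |
    Format-Table -AutoSize
```

A certificate that shows `LegacyExchangeKey` as `False` matches one of the two request mistakes described in this post and needs to be requested again with the correct options.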
