After TMG 2010 mysteriously failed to start the firewall service, I identified that some firewall rules/web listeners were possibly corrupted. I fixed that and proceeded to troubleshoot, and I suspected problems with certificates. So I decided to create certificates from scratch and import them into TMG 2010 (as it has worked for a number of years since ISA 2004).
I have followed the pretty much known procedure of requesting a certificate from the IIS server, installing it in IIS, exporting it with the private key and importing it to TMG; however, I cannot link the certificate to the listener, as TMG says it has Incorrect Key Type.
One thing indeed changed, which is that we had reinstalled our PKI (Microsoft Windows 2008 R2). So basically the keys that were issued and imported to TMG (long ago) seem to be working fine. I, however, cannot import the new one.
I have searched the Internet a lot but to no avail. The only particular thing I found is that TMG doesn't work well with CNG (version 3) certificates. I have looked into the certificates quite closely and found the only significant difference between the working ones and the non-working ones to be in the order of properties.
I don't think my CA is issuing version 3 certificates, but I am not 100% sure.
Any ideas how I can verify this, or any idea what else could be wrong with the certificate so that TMG cannot recognize it?
Many thanks.
Oggi