Question : OWA - The certificate is not valid for the requested usage

Let me start by saying that I am not the sharpest knife in the drawer when it comes to Certificates and PKI and I give up on this one...

I am in the process of migrating to Exchange Server 2007 SP3 from 2003. All has gone really smothly with the exception of OWA. We are using ISA2006 as our firewall solution. OWA worked flawlessly with 2k3. I have not changed anything as far as the cert on the web listener in ISA which is the same cert that is on the default website on the 2k3 box. I disabled the 2k3 publishing rule and created a new one using the existing web listener. When OWA clients attempt to access their mailbox which has been moved to the 2k7 box they are presented with the ISA FBA logon screen as always. After entering creds they are presented with the following error in their web browser:

Error Code: 500 Internal Server Error. The certificate is not valid for the requested usage. (-2146892983)

When I test the rule in ISA it fails (screenshot attached). I copied the cert by exporting to *.PFX on the old mail server and importing on the new one. I also googled the problem and ran this command in powershell with no errors:


Enable-ExchangeCertificate -Thumbprint {thumbprint} -services "SMTP,IIS.IMAP,POP"

Anyone have any ideas?

Capture.JPG (42 KB) (File Type Details) 

Rule Test

Answer : OWA - The certificate is not valid for the requested usage

Refer this article:
http://help.godaddy.com/topic/742/article/4877

to install the Go Daddy certificate on the Exchange 2007