"No certificates configured on this server" error message when you try to select an SSL certificate in the ISA Server 2000 Management Console

When you use the Microsoft Internet Security and Acceleration Server (ISA) 2000 Management Console to select a Secure Sockets Layer (SSL) certificate for a new listener in the ISA Server Properties dialog box, the SSL certificate is not recognized, and you receive the following error message:

This issue occurs if the certificate was imported without a private key or if it was imported to the wrong certificate store.

To resolve this issue, make sure that you have imported the correct private key file for the Web site certificate. Also make sure that the private key file is imported to the local computer certificate store instead of to the Web Proxy service certificate store.

Note The private key file is a .pfx file.

You import a certificate to the Web Proxy service certificate store only when you want to permit the Web Proxy service to use client certificate authentication to authenticate against a Web site on your internal network. For additional information about publishing a Web site that requires clients to use certificates for authentication, click the following article number to view the article in the Microsoft Knowledge Base: For additional information about how to configure Internet Security and Acceleration Server to host Web sites using SSL, click the following article number to view the article in the Microsoft Knowledge Base: When you have imported the certificate and the private key to the local computer certificate store, follow these steps to correctly configure the Incoming Web Requests listener:

1. Click Start, point to Programs, point to Microsoft ISA Server, and then click ISA Server Management.
2. In the ISA Management Console, expand Servers and Arrays, right-click your ISA server or array, and then click Properties.
3. In the ISA Server Properties dialog box, click the Incoming Web Requests tab. To add a new interface to listen for requests for the internal Web server, click Add. If the interface already exists, click the interface that you want the certificate to be associated with, and then click Edit.
4. In the Add/Edit Listeners dialog box, click the internal server name in the Server list, and then click the IP Address of the internal server in the IP Address list.
5. In the Add/Edit Listeners dialog box, click to select the Use a server certificate to authenticate to Web clients check box, and then click Select to select the certificate.
6. In the list of certificates, click the certificate that you imported, and then click OK.
7. The certificate name now appears in a text box in the Add/Edit Listeners dialog box. Click OK.
8. In the ISA Server Properties dialog box, click the Incoming Web Requests tab, and then click to select the Enable SSL listeners check box. Click Apply, and then when the ISA Server Warning dialog box appears, click Save the changes and restart the service(s) to restart the Web Proxy service. Click OK.
9. Click OK to close the ISA Server Properties dialog box.

This behavior is by design.

For additional information about using ISA to securely publish multiple Web sites in Microsoft Windows 2000, click the following article number to view the article in the Microsoft Knowledge Base: For additional information about using ISA to securely publish multiple Web sites in Microsoft Windows Server 2003, click the following article number to view the article in the Microsoft Knowledge Base: For additional information about publishing SSL Web sites by using Server Publishing, click the following article number to view the article in the Microsoft Knowledge Base: