Click Add, then double-click Certificates, choose Computer Account, then Finish. Click "Close" and then "OK". Expand the Certificates node, then expand the Personal node beneath it.

On the right side, you should see at least one certificate listed. Choose the certificate that belongs on the ISA server and right click it. Choose All Tasks and then Export.

When the wizard starts, press "Next". Choose the "Yes, export the private key" option and press "Next". In the next screen, select "Personal Information Exchange - PKCS #12 (.PFX)" and the only box you should check is "Enable strong protection". Leave any other boxes unchecked. Press "Next". Choose a password for your PFX file (be sure to write this password down, or use something you can remember) and press "Next". Choose a filename for your PFX and press "Next". Press Finish and your certificate and key will be in a PFX file in the location you specified.

Click Add, then double-click Certificates, choose Computer Account, then Finish. Click "Close" and then "OK". Expand the Certificates node, then expand the Personal node beneath it.

In the right pane, right click anywhere in the empty space. Choose All Tasks and then Import.

When the Certificate Import Wizard starts, click "Next". When it asks for your PFX, click browse and navigate to where you saved it on the ISA server. You may need to press the drop down box and choose PFX format so that you can see your PFX. Press "Next".

Type the password that you gave when you created the PFX. We recommend checking the "Mark this key as exportable" option so that you can export it later. Press "Next". In the next screen, "Place all certificates in the following store" should be selected, and below it, the Personal node should also be selected. Press "Next". Press "finish" on the next screen and your certificate has been successfully imported.

Download the Trustwave Intermediate here.

Move the file onto the Windows Server and complete the following steps:

Double-click the xroot.crt certificate and click "Install Certificate". Press "Next", and then choose "Place all certificates in the following store".

Click "Browse", and then "Show Physical Stores". Click the plus (+) sign next to "Trusted Root Certification Authorities" and click "Local Computer" underneath it. Click "OK", then "Next" and then "Finish".

Open the ISA Manager and right click the server which will need to accept SSL connections. Choose "Properties" and then click the "Incoming Web Requests" tab. Click the Internet Protocol (IP) address entry for the site that you are going to host. If you do not have individual IP's set, then choose "all IP addresses". Click Edit, and click "Use a server certificate to authenticate web users". Then click "Select", choose the certificate that you just imported, and then click "OK". Click the Enable SSL Listeners so that it is checked.

If you want to use SSL bridging, you can move on to the next step now. SSL bridging means that incoming requests over HTTPS will reach ISA and then ISA will communicate over HTTPS with your web server on the back-end.

If you want the HTTPS connection to terminate at the ISA server and allow the ISA server to communicate insecurely with the web server on the back-end, double click the Web Publishing Rule" that routes the SSL traffic. On the Bridging tab, choose the option to redirect SSL requests as "HTTP Requests". Click "OK".

VERY IMPORTANT: To complete the installation, you must reboot the entire ISA server. Restarting the ISA service will not completely install your certificates. The entire server must be rebooted.