Announcement

Collapse
No announcement yet.

Certificate issue with Public Folders

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Certificate issue with Public Folders

    Hi Everyone,

    Windows Server 2003 Ent SP2 and Exchange 2003 Ent SP2.

    I have a problem issuing a certficate with a common name of my external DNS of mail.domain.com. I can't open my Public Folders in ESM or through OWA. I was getting an error that the certificate name does not match the server name.

    When I use the internal host name as a common name, I have no problems with the Public Folders but I do get a certificate error in the browsers when connecting to OWA. Even if you install the certificate on the local machine, it keeps coming back. If you continue, it will open OWA with no issues. This error seems to be bugging some users and they requested a fix.

    I tried to disable GPO: Administrative Templates>Windows Components>Internet Explorer>Internet Control Panel>Advanced Page>Check for server certificate revocation

    This did not work. I want to avoid changing the external DNS of mail.domain.com if possible.

    Please help! Thanks.
    Attached Files

  • #2
    Re: Certificate issue with Public Folders

    With regards to public folders in ESM, you probably have require SSL enabled on the virtual directory.
    http://support.microsoft.com/kb/324345

    If you are using a self signed certificate you will always get the prompt in IE because the certificate is from a non-trusted source. Use a commercial certificate ( US$30/year from http://certificatesforexchange.com ) and then you will not have trust issues.

    Simon.
    --
    Simon Butler
    Exchange MVP

    Blog: http://blog.sembee.co.uk/
    More Exchange Content: http://exchange.sembee.info/
    Exchange Resources List: http://exbpa.com/
    In the UK? Hire me: http://www.sembee.co.uk/

    Sembee is a registered trademark, used here with permission.

    Comment


    • #3
      Re: Certificate issue with Public Folders

      Thanks for your reply Sembee.

      If I install the certificate using the FQDN of the external address in the common name field, user can install the certificate on their local machine and they never get the certificate error in IE or Firefox again. When I use the internal FQDN hostname as common name, users get prompted with that certificate error everytime they visit OWA.

      Then problem #2: Public Folders seems to work only when I use the hostname as the common name in the certificate. If I use the external FQDN, then I get the message as described previously.

      So, if we purchase a thrid party certificate both problems would be resolved?

      In the common name field, do I put https://mail.domain.com or http://mail.domain.com (I have redirect to https)?

      Comment


      • #4
        Re: Certificate issue with Public Folders

        You shouldn't have require SSL enabled on the virtual directories outlined in that article at all - doesn't matter what the SSL certificate name is.

        Simon.
        --
        Simon Butler
        Exchange MVP

        Blog: http://blog.sembee.co.uk/
        More Exchange Content: http://exchange.sembee.info/
        Exchange Resources List: http://exbpa.com/
        In the UK? Hire me: http://www.sembee.co.uk/

        Sembee is a registered trademark, used here with permission.

        Comment


        • #5
          Re: Certificate issue with Public Folders

          I've unchecked "Require secure channel (SSL)" in Directory Sercurity tab of Exadmin virtual Directory...still same problem.

          I did the samething for the Public virtual folder and ran iisreset...still the same problem.

          I'll try a free 30 day trial SSL Cert from one of the many sites out there.

          I'll update this thread once I find the solution.

          Comment

          Working...
          X