Announcement

Collapse
No announcement yet.

Help with SSL's

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Help with SSL's

    Hello,

    I am confused now...

    I have been looking at various SSL sites as I posted a while ago on here about getting our 2003 exchange box sorted ready for use with iPad's etc.

    It appears a bit of a mind field and I have been talking with them and I don't think I know what I need.


    Can someone clear it up for me.

    do I need http://www.instantssl.com/ssl-certif....html?ap=ce047 and that only to install on our exchange box?

    I am not sure what domain name I need to put on the order? Is it the FQDN I need to put? I need a certificate for an internal private IP yes?

    Sorry to sound dumb but I think I have confused myself now!

    Thanks,
    Simon
    Kind Regards,
    Simon

  • #2
    Re: Help with SSL's

    The SSL certificate is IP agnostic so that part doesn't matter.

    What you want is to get a 3rd party to sign your certificate for the public facing FQDN of the Exchange server.

    So if your Exchange server is named ex01.domain.local but on the Internet users go to mail.domain.com to get their email, you will need to get the certificate for mail.domain.com.
    Regards,
    Jeremy

    Network Consultant/Engineer
    Baltimore - Washington area and beyond
    www.gma-cpa.com

    Comment


    • #3
      Re: Help with SSL's

      Thanks for your help!

      Our example email address is [email protected]

      so I need to put @g-l.co.uk on the form?

      Is the link ok for the certificate I need?

      Thanks!
      Kind Regards,
      Simon

      Comment


      • #4
        Re: Help with SSL's

        Originally posted by Si_Pe View Post
        so I need to put @g-l.co.uk on the form?
        Nope, that won't be it. Is the Exchange server behind a NAT firewall and do you have traffic being forwarded to it? I assume that port 25 is being forwarded but what about 80 and 443? Do you have OWA setup?

        Originally posted by Si_Pe View Post
        Is the link ok for the certificate I need?
        This cert is more than you need but it will get the job done. You can get just a regular SSL cert.
        Regards,
        Jeremy

        Network Consultant/Engineer
        Baltimore - Washington area and beyond
        www.gma-cpa.com

        Comment


        • #5
          Re: Help with SSL's

          Sorry again but....

          Webmail works internally fine via the ip address of the exchange server /exchange.

          So to make this available for public use I set-up a port forward to 443 on our router and access it via the external ip /exchange?

          Thanks
          Kind Regards,
          Simon

          Comment


          • #6
            Re: Help with SSL's

            Is mail sent directly to your Exchange server or are you using the POP3 connector? Do you have a static IP address?

            If you have a static IP address then you need to add a host record in your public DNS for that IP. Usually something like mail.domain.com (but you can make it whatever you like). If it's dynamic then you need to use a DDNS service or get a static IP and then setup the host record in your public DNS.

            Once that is done you then get a certificate for your public DNS host record.
            Regards,
            Jeremy

            Network Consultant/Engineer
            Baltimore - Washington area and beyond
            www.gma-cpa.com

            Comment


            • #7
              Re: Help with SSL's

              Originally posted by JeremyW View Post
              Is mail sent directly to your Exchange server or are you using the POP3 connector? Do you have a static IP address?

              If you have a static IP address then you need to add a host record in your public DNS for that IP. Usually something like mail.domain.com (but you can make it whatever you like). If it's dynamic then you need to use a DDNS service or get a static IP and then setup the host record in your public DNS.

              Once that is done you then get a certificate for your public DNS host record.
              Hi Jeremy,

              Thanks for helping!

              Our mail is sent to a static ip yes. How do I add a entry into the public dns for our static ip?

              I am feeling seriously dumb today!

              Cheers!
              Kind Regards,
              Simon

              Comment


              • #8
                Re: Help with SSL's

                Ah okay,

                A company hosts our email so I need to speak to them regarding the host record for our ip address.

                Thanks!
                Kind Regards,
                Simon

                Comment


                • #9
                  Re: Help with SSL's

                  Originally posted by Si_Pe View Post
                  Ah okay,

                  A company hosts our email so I need to speak to them regarding the host record for our ip address.

                  Thanks!
                  Correct.
                  Regards,
                  Jeremy

                  Network Consultant/Engineer
                  Baltimore - Washington area and beyond
                  www.gma-cpa.com

                  Comment


                  • #10
                    Re: Help with SSL's

                    Originally posted by JeremyW View Post
                    Correct.
                    Got there in the end!

                    Thanks very much for your help!
                    Kind Regards,
                    Simon

                    Comment


                    • #11
                      Re: Help with SSL's

                      Hello,

                      I have now got a new a record created for our mail but I am being refused a certificate because of the following.

                      We have failed to automatically retrieve an email address for the domain name Registrant nor Administrative Contact. It appears your whois record does not present valid or public email address contacts or has private registration in place.

                      Sorry but can you help?
                      Kind Regards,
                      Simon

                      Comment


                      • #12
                        Re: Help with SSL's

                        This is most likely due to the registration being private. You can either change the registration from private to public and then try again or you can contact the certificate authority and see if there is another way to validate the request. (there usually is)
                        Regards,
                        Jeremy

                        Network Consultant/Engineer
                        Baltimore - Washington area and beyond
                        www.gma-cpa.com

                        Comment


                        • #13
                          Re: Help with SSL's

                          Just a quick post to say thanks!

                          All working a treat!

                          Many thanks,
                          Simon
                          Kind Regards,
                          Simon

                          Comment


                          • #14
                            Re: Help with SSL's

                            Excellent.
                            Glad to help.
                            Regards,
                            Jeremy

                            Network Consultant/Engineer
                            Baltimore - Washington area and beyond
                            www.gma-cpa.com

                            Comment


                            • #15
                              Re: Help with SSL's

                              and also - i think you'll find "certificatesforexchange.com" is cheaper for an SSL cert than instantSSL..
                              Please do show your appreciation to those who assist you by leaving Rep Point https://www.petri.com/forums/core/im.../icon_beer.gif

                              Comment

                              Working...
                              X