Announcement

Collapse
No announcement yet.

Redirecting to SSL for webmail/activesync

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Redirecting to SSL for webmail/activesync

    Hello,

    I have a subdomain set up for webmail and activesync connectios with SSL (ex. owa.domain.com). Users are directed to this domain for email access and it is working without issue. I have the mail.domain.com subdomain set up that points to the same IP so that we are not black listed from other domains we send emails to; so they can verify that mail is coming from the correct IP. Well, users can also connect to mail.domain.com for webmail and activesync and I want to prevent this or redirect them to the SSL subdomain. I can do this though my domain registry company, but will this affect anything else in a negastive way? Also, this will redirct webmail access, but I do not think that it will work for smartphones connecting through activesync. Is there another way (or better way) of doing this through exchange 2003? Thank you.

  • #2
    Re: Redirecting to SSL for webmail/activesync

    I have to ask, since it is the same IP, and ends up at the same virtual directory in IIS, why bother (SSL will work on both -- it is at the virtual directory level -- and I assume SSL is enforced)?

    Just tell users the devices should be configured to owa.domain.com and if they call you saying they are having problems with mail.domain.com tell them to reconfigure. You could tell a white lie and say the certificate only works with owa.domain.com so using mail is a security risk
    Tom Jones
    MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
    PhD, MSc, FIAP, MIITT
    IT Trainer / Consultant
    Ossian Ltd
    Scotland

    ** Remember to give credit where credit is due and leave reputation points where appropriate **

    Comment


    • #3
      Re: Redirecting to SSL for webmail/activesync

      To echo above, why bother?
      Anything you do in DNS is either not going to work, or break ActiveSync. ActiveSync cannot be redirected to another URL. It either connects to the URL entered or fails.

      Settle on a single URL, get the DNS and PTR to match and tell users to check their devices and correct if required. Then delete the other DNS entry.

      It would be possible to support both URLs on the same SSL certificate. You would need to use a Unified Communications certificate. Generate a new SSL request and then when you enter it in to the SSL provider, add the second host name as an additional one.

      Simon.
      --
      Simon Butler
      Exchange MVP

      Blog: http://blog.sembee.co.uk/
      More Exchange Content: http://exchange.sembee.info/
      Exchange Resources List: http://exbpa.com/
      In the UK? Hire me: http://www.sembee.co.uk/

      Sembee is a registered trademark, used here with permission.

      Comment

      Working...
      X