Announcement

Collapse
No announcement yet.

SSL certificate issue

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • SSL certificate issue

    Hi all.
    I havn't figured out how to generate a certificate that works both for SSL access to our Exchange 2003 OWA BOTH from the internal network AND from the Internet. I get a certificate error that says:
    In ie7 for example: "There is a problem with this website's security certificate." and that it's not recommended to continue.
    It works fine, it's just annoying.
    I think it has to do that we accesses it using 2 different names,
    webmail.ourtinternetdomain.se and
    ex02.ourADdomain.net.

    Are there some sweet document somewhere that covers this?

    This has to be a VERY common issue!

    If anyone knows, PLEASE reply.

    Thanx in advance, Zeb.

  • #2
    Re: SSL certificate issue

    To clarify, are you talking about setting up SSL for OWA only, or are you talking about enabling SSL for both OWA as well as SMTP virtual servers?



    As far as OWA goes, when I set up an Exchange 2003 server, I don't remember this being difficult at all. I didn't even request a certificate from a CA.

    I believe all I did was enable SSL on the IIS site running on the Exchange server by adding port 443 which turns on SSL encryption (https://). Or, SSL was already set up and all I did was point the clients to the already enabled https://<servername/ address.

    I'm thinking the certificate for the server is installed automatically during the MS Exchange 2003 installation because I honestly don't remember installing it and I definitely did not request a cert from a CA for this server.

    When I look at the properties of the website which hosts OWA, I can view the server certificate - it's there. My Exchange pocket consultant talks about requesting a certficate from a CA for each Exchange virtual server protocol but I know I didn't go through those steps.

    I can access OWA both internally and externally from the internet with no certificate problems. I know that probably doesn't help you; sorry.


    In addtion, one or more of the following links may be helpful, but again, I never went through all this to set up SSL based OWA.

    http://www.msexchange.org/tutorials/..._OWA_2003.html

    http://www.msexchange.org/tutorials/...rtificate.html

    http://www.msexchange.org/tutorials/MF004.html

    Maybe Daniel has an answer for this. He seems to be the Exchange guru around here, being a Microsoft Exchange MVP and all

    If I have time tonight, I may try setting up an isolated Exchange environment in my lab to help me remember what steps I took, but my memory right now is telling me I didn't do much and therefore it worked out of the box.

    Jas
    Last edited by jasonboche; 3rd May 2006, 00:06.
    VCDX3 #34, VCDX4, VCDX5, VCAP4-DCA #14, VCAP4-DCD #35, VCAP5-DCD, VCPx4, vEXPERTx4, MCSEx3, MCSAx2, MCP, CCAx2, A+
    boche.net - VMware Virtualization Evangelist
    My advice has no warranties. Follow at your own risk.

    Comment


    • #3
      Re: SSL certificate issue

      Originally posted by jasonboche
      If I have time tonight, I may try setting up an isolated Exchange environment in my lab to help me remember what steps I took, but my memory right now is telling me I didn't do much and therefore it worked out of the box.

      I just got back from jogging. The Exchange 2003 lab is building as I type this.

      1 DC
      1 Member server with IIS, Exchange, & OWA

      I should have started the builds before I went running. Oh well.
      VCDX3 #34, VCDX4, VCDX5, VCAP4-DCA #14, VCAP4-DCD #35, VCAP5-DCD, VCPx4, vEXPERTx4, MCSEx3, MCSAx2, MCP, CCAx2, A+
      boche.net - VMware Virtualization Evangelist
      My advice has no warranties. Follow at your own risk.

      Comment


      • #4
        Re: SSL certificate issue

        I performed the installation of Exchange last night and discovered that the Exchange 2003 creates a SSL certificate for the server that Exchange is being installed on. The only step that needs to be performed is to add the certificate in the IIS Admin console on the Exchange server. Following these steps, the certificate works both internally and externally.
        VCDX3 #34, VCDX4, VCDX5, VCAP4-DCA #14, VCAP4-DCD #35, VCAP5-DCD, VCPx4, vEXPERTx4, MCSEx3, MCSAx2, MCP, CCAx2, A+
        boche.net - VMware Virtualization Evangelist
        My advice has no warranties. Follow at your own risk.

        Comment


        • #5
          Re: SSL certificate issue

          Hi againm,
          thanks for your thoughts,
          I'm talking about SSL for OWA only.
          The cert I generate will use the host name for the server or any name I add instead using the wizard.
          I do this every day.....
          My scenario:
          I use only 1 Exchange 2003 server at the moment and no front end server,
          therefor will it complain about that the certificate does not match the server name. I generate the certificate on my exchange server named ex02.internalADdomain.net BUT from the Internet the name is webmail.ourdomain.se, this is the issue, and Internet Explorer warns that the cert does not match the domain name.
          (this is about the same as I first wrote...)
          However, there are no "default" cert when I install the Exchange Server.
          I don't see how that should work.
          Thanks any way for your efforts to help.
          I f you want to test my problem, use 1 Exchange server and try to access it from the Internet using https OWA.

          Regards, Zeb.

          Comment

          Working...
          X