Announcement

Collapse
No announcement yet.

Exchange 2007 sp1 Outlook Anywhere SSL certificate

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Exchange 2007 sp1 Outlook Anywhere SSL certificate

    Hi

    Please can anybody help. I am setting up a client with sbs 2008 and they have 3 users who need outlook anywhere access. I know you are supposed to get a 3rd party ssl certificate for this to work. The problem is we use a dyndns account for our ip as we don't have a static address. When you get an ssl cert they seem to do a whois on the domain name and this fails because ours is for example companyname.dyndns.biz. When you run the ssl certificate in sbs 2008 it creates remote.emaildomain.co.za. When you try access the server with companyname.dyndns.biz you get the certificate error saying it does not match. What happened to the selfssl from sbs 2003 and does this still work on sbs 2008. I don't mind adding the certificates manually to each machine as there are only 3 and no windows mobile machines at all. I need to get this working asap so any help will be appreciated.


    Thanks

  • #2
    Re: Exchange 2007 sp1 Outlook Anywhere SSL certificate

    SBS 2008 creates a CA and certificate for RWW use during install, which is the URL you listed. Surely you own this domain name as it is your email domain? In which case you should have your domain registrar map remote.emaildomain.co.za to your dynamic external IP. Outlook Anywhere does not care about the IP being static or dynamic.

    Normally all you need to install is the root certificate on the remote machine. As long as the certificate presented by the Outlook Anywhere address is issued by the same CA the machine will trust it and allow the connection. More info at Technet.
    BSc, MCSA: Server 2008, MCSE, MCSA: Messaging, MCTS
    sigpic
    Cruachan's Blog

    Comment


    • #3
      Re: Exchange 2007 sp1 Outlook Anywhere SSL certificate

      Hi Cruachan

      Thanks for the reply. Do I still need to get the 3rd party(godaddy ssl) certificate. If so
      what ssl cert do I need. Will it be a single domain eg remote.emaildomain.co.za or will I need a multiple command name ssl eg remote.emaildomain.co.za, autodiscovery.emaildomain.co.za, servername.domain.local ect.
      Thanks for the time and help

      Comment


      • #4
        Re: Exchange 2007 sp1 Outlook Anywhere SSL certificate

        I'd use the self-signed personally, it's not only free but also automatically configured in SBS 2008. There's a wizard for installing the certificate on mobile devices (laptops and phones), more details here. That app automatically installs the root CA into the Trusted Root CA store on the devices which is sufficient for Outlook Anywhere to work.

        I would expect that the Exchange/OWA certificate contains all of the names required but I've only done one SBS 2008 installation so I'm not hugely familiar with it yet. However as far as Outlook Anywhere is concerned the package is all you need from the certificate point of view.
        BSc, MCSA: Server 2008, MCSE, MCSA: Messaging, MCTS
        sigpic
        Cruachan's Blog

        Comment


        • #5
          Re: Exchange 2007 sp1 Outlook Anywhere SSL certificate

          The wizards in SBS 2008 make some presumptions, the major one being that you can use SRV records. In this scenario you cannot. Therefore you cannot use the wizard in SBS to create the certificate request.

          I have blogged on how to do the certificate request and install for SBS 2008.

          http://blog.sembee.co.uk/archive/2010/03/27/120.aspx

          As for using a dynamic DNS service - that isn't a problem.
          Simply CNAME the required hosts on your own domain to the dynamic DNS host, then apply for all certificates using your own domain.
          The dynamic DNS service is simply used in the background, the users themselves do not use it.

          Simon.
          --
          Simon Butler
          Exchange MVP

          Blog: http://blog.sembee.co.uk/
          More Exchange Content: http://exchange.sembee.info/
          Exchange Resources List: http://exbpa.com/
          In the UK? Hire me: http://www.sembee.co.uk/

          Sembee is a registered trademark, used here with permission.

          Comment

          Working...
          X