Announcement

Collapse
No announcement yet.

Outlook anywhere with Self Signed Cert Sbs 2008

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Outlook anywhere with Self Signed Cert Sbs 2008

    Hey guys I am having quite the difficult time here with Outlook anywhere.
    I am using Exchange 2007 that comes bundled with SBS 2008.
    I am a little stumped as to why this is not working properly.

    I exported my certificate as a .cer
    Enabled Outlook Anywhere in Exchange.
    Set the right parameters in Exchange for the external address.
    In my outlook client I click on RPC over HTTP and put my settings.

    https:/urloutside.com (I put only 1 / because I can't post outside URLs)
    Only use servers that have this principle name in their certificate = msstd:urloutside.com
    Ticked off on fast and slow networks
    Basic Authentication

    I press OK I put in my user email and server and click on
    check names. I get a popup asking me for my username and password.

    After a few seconds it will fail telling me that the server needs to be online in order to check the email.

    So if I press OK and try to force outlook to open I get the following error message

    There is a problem with the proxy server's security certificate. The security certificate is not from a trusted certifying authority.
    Outlook is unable to connect to the proxy server mydomain.com. (Error Code .

    When I go into internet explorer and try to import my certificate I can import it correctly into trusted publishers but I cannot import it into trusted root certificates.

    I get the message saying it is imported correctly but it never shows up.

    I have tried with certmgr.msc
    Manual import by picking Trusted Root Certificates and selecting show physical stores and placing it in Local Computer and it tells me it imported successfully but it never shows up.

    I am fairly certain that is my issue but for the life of me I have no idea how to fix it.

    Anyone with any ideas?

    P.S When I go to https:/mail.ctcopieur.ca/rpc and view my certificate it is the right one. (Again 1 / because I can't post outside URLs)
    Double P.S. This is a SELF SIGNED Certificate. I did not pay for the certificate. I have this working in Exchange 2003 perfectly fine.

    Thanks!
    Last edited by anthonyaudi; 7th November 2013, 21:05.

  • #2
    Re: Outlook anywhere with Self Signed Cert Sbs 2008

    FWIW, the hassles of configuring a self signed certificate vs a cheap UC (SAN) certificate from www.godaddy.com or www.certificatesforexchange.com (other providers are available) makes it a no-brainer to pay the $50-60 per year for the commercial one.

    There are plenty of instructions (https://www.google.co.uk/search?q=ex...B%3AIE-Address) and the whole process takes about an hour, plus waiting for domain validation
    Tom Jones
    MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
    PhD, MSc, FIAP, MIITT
    IT Trainer / Consultant
    Ossian Ltd
    Scotland

    ** Remember to give credit where credit is due and leave reputation points where appropriate **

    Comment


    • #3
      Re: Outlook anywhere with Self Signed Cert Sbs 2008

      True but let's take my example because the companies usually prefer free to paid.
      I am sure doing it with a paid certificate takes 10 seconds.

      Unfortunately, I am not in that boat.

      Comment


      • #4
        Re: Outlook anywhere with Self Signed Cert Sbs 2008

        I actually refuse to do anything with the "free" certificate because of the hassles involved.

        Simple maths:

        SSL certificate - $50.
        My time to get it working correctly $100/hour, in some cases PER MACHINE.

        The numbers don't stack up to use the "free" certificate.

        It should also be noted that self signed SSL certificates are not supported for use with Outlook Anywhere, they are a place holder because of the dependence on trusted certificates.

        If your external DNS provider supports SRV records then you can use a standard single name certificate - those can be had for $10/year if you look around.

        How much is your time worth?

        Simon.
        --
        Simon Butler
        Exchange MVP

        Blog: http://blog.sembee.co.uk/
        More Exchange Content: http://exchange.sembee.info/
        Exchange Resources List: http://exbpa.com/
        In the UK? Hire me: http://www.sembee.co.uk/

        Sembee is a registered trademark, used here with permission.

        Comment


        • #5
          Re: Outlook anywhere with Self Signed Cert Sbs 2008

          Sembee. I understand what you are saying.
          However, it is impossible to believe that Outlook Anywhere does not work with the self signed certificate in SBS. I know this because I have made this run in 2003. That being said, if you don't want to answer my question because you feel that it's absurd to get something free instead of paying for it then I respect your decision. But the thread is asking how to do it with the self signed certificate. Not which is better or easier.

          On a side note, once you know how to make it work with the free self signed certificate then it would probably take less time to get it up and running than going through the whole step of buying it and waiting. So to answer your question about my time being worth. More than 60 dollars a year because once I fix it once I never have to pay 60 dollars again until I change my exchange server.

          On a double side note, why would you take the easy "let me pay for it" way out than actually learn how to do it? If you were a business owner and someone told you "I can make it work for $60 / year" and someone told you "I can make it work for free" what would you choose?

          Anyways, let's not turn this thread into a flame fest that wasn't the point of my question. If you can't answer my question or don't want to answer my question because you don't believe in getting things for free instead of paying I respect that. Perhaps someone who has the answer or has made it work can chime in to why this cannot work. (Sembee that wasn't directed at you, it was just directed to the general people who will read this thread. I'd like to keep it on topic and not have 50 posts arguing about what is more cost effective or easier)

          Thanks!
          Last edited by anthonyaudi; 8th November 2013, 13:57.

          Comment


          • #6
            Re: Outlook anywhere with Self Signed Cert Sbs 2008

            I suggest that you read my blog posting on why self signed certificates are a very bad idea.

            http://blog.sembee.co.uk/post/Why-yo...tificates.aspx

            While a self signed SSL certificate might be "free", it isn't completely free. It still takes time to setup the certificate, and then to setup every client.
            Every client has to be configured to accept the "free" certificate, and then when you come to renew that certificate, you have to setup the "free" certificate again.
            If you change the configuration of the SBS server then the "free" certificate will change, requiring every client to be modified before they work again.

            I will be blunt, while I fully accept your argument that businesses always like something for "free" rather than a cost of $60 or whatever, any business person who is successful will look past the initial cost and what the long term cost is. Rarely does something that is free at the point of delivery actually remain free.

            The point I am trying to get across to you is that those of us who have been working with Exchange for many years, with many, many systems will tell you the same thing - the self signed certificates are simply not worth the hassle.

            Simon.
            --
            Simon Butler
            Exchange MVP

            Blog: http://blog.sembee.co.uk/
            More Exchange Content: http://exchange.sembee.info/
            Exchange Resources List: http://exbpa.com/
            In the UK? Hire me: http://www.sembee.co.uk/

            Sembee is a registered trademark, used here with permission.

            Comment


            • #7
              Re: Outlook anywhere with Self Signed Cert Sbs 2008

              I don't disagree with you at all. I actually completely agree with you.
              However, in my attempt to understand why it doesn't work with the self signed one I'd like to get an explanation as to what is causing it to fail.

              My initial assumption (which I am fairly certain is correct) is that the self signed certificate is not being successfully installed in the trusted root on the client. Which would cause it to fail when trying to connect in Outlook. Since it is not in the trusted root the system is most likely rejecting the certificate.

              My question is why does it say it imported successfully and why does it not appear?

              I've done this countless times with exchange 2003 and windows server 2003 r2

              I don't understand what is different with SBS 2008.

              Apart from the fact that everything is bundled I am at a loss :\

              Comment

              Working...
              X