Help with SSL’s

Home Forums Messaging Software Exchange 2000 / 2003 Help with SSL’s

This topic contains 14 replies, has 3 voices, and was last updated by tehcamel tehcamel 7 years, 8 months ago.

Viewing 15 posts - 1 through 15 (of 15 total)
  • Author
    Posts
  • Avatar
    Si_Pe
    Member
    #157773

    Hello,

    I am confused now…

    I have been looking at various SSL sites as I posted a while ago on here about getting our 2003 exchange box sorted ready for use with iPad’s etc.

    It appears a bit of a mind field and I have been talking with them and I don’t think I know what I need.

    Can someone clear it up for me.

    do I need http://www.instantssl.com/ssl-certificate-products/ssl-certificate-ucc.html?ap=ce047 and that only to install on our exchange box?

    I am not sure what domain name I need to put on the order? Is it the FQDN I need to put? I need a certificate for an internal private IP yes?

    Sorry to sound dumb but I think I have confused myself now!

    Thanks,
    Simon

    JeremyW
    JeremyW
    Moderator
    #270209

    Re: Help with SSL’s

    The SSL certificate is IP agnostic so that part doesn’t matter.

    What you want is to get a 3rd party to sign your certificate for the public facing FQDN of the Exchange server.

    So if your Exchange server is named ex01.domain.local but on the Internet users go to mail.domain.com to get their email, you will need to get the certificate for mail.domain.com.

    Avatar
    Si_Pe
    Member
    #278256

    Re: Help with SSL’s

    Thanks for your help!

    Our example email address is [email protected]

    so I need to put @g-l.co.uk on the form?

    Is the link ok for the certificate I need?

    Thanks!

    JeremyW
    JeremyW
    Moderator
    #270210

    Re: Help with SSL’s

    Si_Pe;253718 wrote:
    so I need to put @g-l.co.uk on the form?

    Nope, that won’t be it. Is the Exchange server behind a NAT firewall and do you have traffic being forwarded to it? I assume that port 25 is being forwarded but what about 80 and 443? Do you have OWA setup?

    Si_Pe;253718 wrote:
    Is the link ok for the certificate I need?

    This cert is more than you need but it will get the job done. You can get just a regular SSL cert.

    Avatar
    Si_Pe
    Member
    #278257

    Re: Help with SSL’s

    Sorry again but….

    Webmail works internally fine via the ip address of the exchange server /exchange.

    So to make this available for public use I set-up a port forward to 443 on our router and access it via the external ip /exchange?

    Thanks

    JeremyW
    JeremyW
    Moderator
    #270211

    Re: Help with SSL’s

    Is mail sent directly to your Exchange server or are you using the POP3 connector? Do you have a static IP address?

    If you have a static IP address then you need to add a host record in your public DNS for that IP. Usually something like mail.domain.com (but you can make it whatever you like). If it’s dynamic then you need to use a DDNS service or get a static IP and then setup the host record in your public DNS.

    Once that is done you then get a certificate for your public DNS host record.

    Avatar
    Si_Pe
    Member
    #278258

    Re: Help with SSL’s

    JeremyW;253721 wrote:
    Is mail sent directly to your Exchange server or are you using the POP3 connector? Do you have a static IP address?

    If you have a static IP address then you need to add a host record in your public DNS for that IP. Usually something like mail.domain.com (but you can make it whatever you like). If it’s dynamic then you need to use a DDNS service or get a static IP and then setup the host record in your public DNS.

    Once that is done you then get a certificate for your public DNS host record.

    Hi Jeremy,

    Thanks for helping!

    Our mail is sent to a static ip yes. How do I add a entry into the public dns for our static ip?

    I am feeling seriously dumb today!

    Cheers!

    Avatar
    Si_Pe
    Member
    #278259

    Re: Help with SSL’s

    Ah okay,

    A company hosts our email so I need to speak to them regarding the host record for our ip address.

    Thanks!

    JeremyW
    JeremyW
    Moderator
    #270212

    Re: Help with SSL’s

    Si_Pe;253723 wrote:
    Ah okay,

    A company hosts our email so I need to speak to them regarding the host record for our ip address.

    Thanks!

    Correct. :)

    Avatar
    Si_Pe
    Member
    #278260

    Re: Help with SSL’s

    JeremyW;253728 wrote:
    Correct. :)

    Got there in the end!

    Thanks very much for your help!

    Avatar
    Si_Pe
    Member
    #278261

    Re: Help with SSL’s

    Hello,

    I have now got a new a record created for our mail but I am being refused a certificate because of the following.

    We have failed to automatically retrieve an email address for the domain name Registrant nor Administrative Contact. It appears your whois record does not present valid or public email address contacts or has private registration in place.

    Sorry but can you help?

    JeremyW
    JeremyW
    Moderator
    #270224

    Re: Help with SSL’s

    This is most likely due to the registration being private. You can either change the registration from private to public and then try again or you can contact the certificate authority and see if there is another way to validate the request. (there usually is)

    Avatar
    Si_Pe
    Member
    #278262

    Re: Help with SSL’s

    Just a quick post to say thanks!

    All working a treat!

    Many thanks,
    Simon

    JeremyW
    JeremyW
    Moderator
    #270227

    Re: Help with SSL’s

    Excellent.
    Glad to help. 8)

    tehcamel
    tehcamel
    Moderator
    #358584

    Re: Help with SSL’s

    and also – i think you’ll find “certificatesforexchange.com” is cheaper for an SSL cert than instantSSL..

Viewing 15 posts - 1 through 15 (of 15 total)

You must be logged in to reply to this topic.