SLL Certificate
Hello,I am using Echange 2007 SP1.We have received a new certificat and I have imported the *.pfx into the IIS 6.0 on the hubcas and mailbox and Isa server (Microsoft ISA server 2006)I only did the above and When I try to connect on http://mail.company.com I can reach page.But once I put my credentials I get the below error:Error code: 500 internal server error. The mail target name is not correct. (-2146893022) COuld you please help me out. I must ahev forgot something but I have not done a certificat intall/configuration.Thanks to all in advance,Graig
January 14th, 2010 11:37pm

One explanation for your error could be that you have not followed the proper procedures for installing the certificate on Exchange.Securing an Exchange 2007 Client Access Server using a 3rd party SAN Certificatehttp://www.msexchange.org/articles_tutorials/exchange-server-2007/mobility-client-access/securing-exchange-2007-client-access-server-3rd-party-san-certificate.htmlMCTS: Messaging | MCSE: S+M | Small Business Specialist
Free Windows Admin Tool Kit Click here and download it now
January 15th, 2010 12:23am

Thank you very much for your reply.In fact I weirdly can connect and use internaly the OWA, I use IP address inteast of mail.company.com so the https://192.32.26.565/owa works.Anyway do I need to go through the below command?:New-ExchangeCertificate -generaterequest -subjectname "dc=com,dc=contoso,o=Contoso Corporation,cn=exchange.contoso.com" -domainname exchange.contoso.com, CAS01,CAS01.exchange.corp.constoso.com, autodiscover.contoso.com -PrivateKeyExportable $true -path c:\certrequest_cas01.txtOr I could directly I important the certficate as I have the pfx file?:Import-ExchangeCertificate –Path c:\mobile.exchangehosting.dk.p7b | Enable-ExchangeCertificate –Services IISI would like to ask you as well whether I would need to do something else on the ISA Servers? or Edge?Thanks again
January 15th, 2010 1:19am

Hi You don’t need to import certificate to the CAS server. That would be enough adding to the ISA server. Please check your Web Publishing rule and "This rule applies to this published site" section. Then it changes it to mail.company.com and add Internal CAS IP address for the “"Computer name or IP address (required if the internal site name is different or not resolvable)" section. See below resources http://forums.msexchange.org/SSL_Certificate_Error/m_1800433353/tm.htm http://www.isaserver.org/tutorials/LDAP-Pre-authentication-ISA-2006-Firewalls-Part4.html Regards Chinthaka Shameera | MCITP: EA | MCSE: M | http://howtoexchange.wordpress.com/
Free Windows Admin Tool Kit Click here and download it now
January 15th, 2010 6:23am

Hi,ISA has the feature for the SSL bridging which can decrypts the SSL request from the client, then encrypts it again and forwards it to the Web Server, also which can decrpts the SSL request from the client and forwards it to the Web Server without encryption.For the first scenario, the SSL needs to be applied for the IIS. Otherwise, it's no need to do that.In my opinion, to make other services under IIS working normal, you should apply for the SSL certificate.http://technet.microsoft.com/en-us/library/bb794751.aspxhttp://www.isaserver.org/tutorials/Generating-SSL-Certificates-Exchange-2007-ISA-Server-2006.htmlThanksAllen
January 20th, 2010 11:44am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics