SSL Education
I need some wisdom on understanding SSL and the "right" configuration for Exchange 2003 SP2. My company hosts our website with a 3rd party vendor. Let's call website adam.org. I have an Exchange 2003 server on my local area network, so the Exchange is a member of adam.local. I installed a self cert on my Exchange server and it's been OK; anytime you use OWA you get an error, and you can always choose to ignore it and press on. The actual cert warning is "The Security Certificate presented by this website was issued for a different website's address".

So how do I go about getting rid of that warning? Will I always get that warning with a self cert? If I was to install a new SSL cert on my Exchange server, does the new cert need to match the .local or the .org? Does it need to match the name of the server instead of the domain, for example exchange.adam.local? Plus, any documents on how to install a 3rd party SSL cert on an Exchange server?

In addition, our boss wants to use a different domain name for our website: instead of adam.org they want to use eve.org but still have adam.org point to eve.org. How does this affect the SSL on the Exchange if our email addresses are eve.org but our Exchange is still a member of adam.local?

Any advice would be great, thanks.
June 9th, 2009 5:06am

Hi,

First please try to check the certificate for Default Web Site.

Click Start > Administrative Tools > Internet Information Services (IIS) Manager
Expand Websites > Right-click Default Website, then select Properties
Now select the Directory Security tab
Under Secure Communications click View Certificate.

There please check the value for Issued to. If it is ABC.com, then we need to access OWA via https://ABC.com/Exchange. Besides, we need to have a record for ABC.com in DNS.

If we want to install a self-signed certificate on Exchange Server 2003, then you can follow the steps in the article below:

SSL Enabling OWA 2003 using your own Certificate Authority
http://www.msexchange.org/tutorials/SSL_Enabling_OWA_2003.html

If we want to install a 3rd party certificate, then we need to generate a request from the IIS server and then send the request to the 3rd party certificate authority to issue the certificate. There we need to type your external domain name (OWA URL) in the "Your site common name" blank.

For the last question, I think we can create a CNAME record in DNS, but I think we may need to generate a SAN certificate which has adam.org and eve.org. We need to contact the 3rd party CA to ask how to generate a SAN certificate request.

How to add a Subject Alternative Name to a secure LDAP certificate
http://support.microsoft.com/kb/931351

Regards,
Xiu
June 10th, 2009 10:00am
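
The name check behind the warning discussed above, as an added example that is not part of the original posts: a simplified model of how a client compares the host in the URL with the names on the certificate, showing why the self cert warns on external names and what a SAN certificate changes. The host names mail.adam.org and mail.eve.org are hypothetical OWA addresses, the certificates are constructed dicts, and chain trust (whether the issuer is trusted) is a separate check not modelled here.

```python
# Added example: simplified model of the host name check a TLS client performs.
# Certificates are plain dicts; all host names below are constructed samples.

def name_matches(pattern: str, host: str) -> bool:
    """Compare one DNS name from a certificate with the host the client asked for."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False                      # a wildcard covers exactly one label
    if p[0] == "*":
        # wildcard only as the whole leftmost label, never directly under a TLD
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def names_on_cert(cert: dict) -> list:
    """SAN dNSName entries win; the common name counts only when no SAN exists."""
    sans = cert.get("san_dns") or []
    return list(sans) if sans else [cert["common_name"]]

def mismatches(cert: dict, hosts: list) -> list:
    """Hosts that would trigger the 'issued for a different address' warning."""
    names = names_on_cert(cert)
    return [h for h in hosts if not any(name_matches(n, h) for n in names)]

# Assumed URLs users type: internal server name plus hypothetical external names.
HOSTS = ["exchange.adam.local", "mail.adam.org", "mail.eve.org"]

SELF_CERT = {"common_name": "exchange.adam.local"}
SINGLE_NAME = {"common_name": "mail.adam.org"}
SAN_CERT = {"common_name": "mail.eve.org",
            "san_dns": ["mail.eve.org", "mail.adam.org"]}
WILDCARD = {"common_name": "*.eve.org"}

if __name__ == "__main__":
    for label, cert in [("self cert", SELF_CERT), ("single name", SINGLE_NAME),
                        ("SAN cert", SAN_CERT), ("wildcard", WILDCARD)]:
        print(f"{label:12} warns for: {mismatches(cert, HOSTS)}")
```

Once a certificate carries SAN entries, a name that appears only in the common name is no longer matched, so every address users will type has to be listed in the SAN request.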

Thanks for the help. The issue I was running into was that I had a self-cert installed on my Exchange server; however, the new Palm Pre does not allow connections to a server with a self-cert. Only 3rd party SSL certs that are part of the uniformed list of acceptable companies that issue certs. For example, a GoDaddy Turbo cert was not accepted but a cert from Registar.com was.

I ended up learning a lot about Root Certs, Intermediate Certs and Trusted Authority Certs and how each cert needs to chain to each other. Long story short, I got a cert from Registar.com for $38 for three years. Installed on my Exchange, all phones (except the Palm Pre, because Palm admitted this is a known issue) can sync over SSL and my OWA is now good to go.

Thanks.
June 19th, 2009 5:47pm
