OWA and Verisign 1

[outofcontrol]

I hope that I did this right but it seems that I might have screwed up.

I requested a certificate from Verisign for my web site at

http://www.example.com

(not real) so that my users can continue to type

https://www.example.com/exchange

and get to the OWA site.

Not it appears that OWA will not work at all since the 443 is on the

http://www.example.com

site and not on the default site any longer. Do I need a certificate for the default site as well as the

http://www.example.com

web site??

Can I move owa and oma and activesync to the

http://www.example.com

site? Is there other options that I should explore??

Thanks

 

[markdmac]

If all you are using the certificate for is internal employees access to email, then you don't need to spend the money for a verisign cert. You can self assign using Certificate Authority which you can install from your Windows Server CD.

Your cert needs to match the FQDN of the Exchange server which is not typically the same as WWW. Check what your MX record points to, that is usually the name used for the cert.

I hope you find this post helpful.

Regards,

Mark

 

[outofcontrol]

mark thank you for your help. I will be using this cert for both internal and external users. Most of our users are external. Is there a good FAQ you can point to me on how to create a self signed cert??

Thanks

 

[markdmac]

Just to be clear, when I said internal users I meant employees, people with email accounts. The reason I made that distinction is that the cert being self signed would be "untrusted" by people from outside of your company.

I am not aware of an FAQ, but if you install the CA and just launch it it will take you through the wizard. There are only a few screens so I think it should be self explanatory.

I hope you find this post helpful.

Regards,

Mark

 

[outofcontrol]

Thanks Mark; I was able to get the cert services loaded and running.

Now I processed the cert request on the iis 6.0 server. but how do I get a .cer file from that??

 

[markdmac]

Where did you install the CA? Did you install it on the Exchange box? If so go into the site properties in IIS. Go to security. Click to install the certificate and it will find it.

If you installed the CA on another server, then visit

http://servername/certsrv

and install the root cert.

I hope you find this post helpful.

Regards,

Mark

 

[adcfaq]

IMHO, MS CS is for s&m, for large enterprise, verisign is more common, also, i see weired issues in a daily basis of MS CS, instead of continutesly tshooting of paying my consultanting fee, i'd recommend my cusotmner to spend a little money on 3rd party commerical certificate services companies.

-----
Directory Services/Exchange Consultant

 

[markdmac]

I would have to respectfully disagree. We run MS CA on a number of small to medium IT clients and have no issues with them whatsoever.

We provide the customers with screen shots of how to install the cert from their server and that's the end of it. If our SBS users (who tend to be less technically literate) can handle it then I can't see it being a big pain for anybody else.

I hope you find this post helpful.

Regards,

Mark

 

[adcfaq]

agree with u, but not a lot of people have the same level of expertise as you. for me, i just don't want my cusotmer to pay for 200$/h just fix CA.

-----
Directory Services/Exchange Consultant

 

[Donkey1]

OutofControl,

Follow this link for an excellent FAQ on how to set up your Exchange server for OWA and SSL using your own cert.

http://www.msexchange.org/tutorials/Securing-Exchange-Server-2003-Outlook-Web-Access-Chapter5.html

Regards,

Andy.