
SSL slow if you create your own Certificate?


Benjaminle

IS-IT--Management
Jan 22, 2002
120
US
I have tried to create my own Certificate to install SSL for OWA for both Exchange 2000 in Windows 2000 and Exchange 2003 in Windows Server 2003. The result came out the same for both IIS 5.0 and 6.0.

When I used my own Certificate to create SSL, accessing OWA from outside of my LAN is very very slow. It takes approximately 1 minute for the SSL authentication screen to pop up and then the logon screen for OWA. When I logged on to OWA within my LAN, the SSL and logon screens loaded instantly. This happened on both Exchange 2000 in IIS 5.0 and Exchange 2003 in IIS 6.0.
If I bought the certificate from Verisign or another provider, my SSL worked great for both internal and external access to OWA. Is there a problem with the MS certificate? Has anyone created their own certificate and had it work?
 
I created my own cert with the self certify tool and it works fine. This is with Exchange 2003 and Windows 2003.
 
Which Self certifying tool is that? Do you have a knowledge page or link to it?
 
Hi,

I've got the same problem!
Has somebody found a solution?

Thanks
Bob
 
The self-certified tool is only used for development. It was not created for production. When I used the self-certified tool, my certificate had some errors. Plus, you have to install the cert on the client side to get it to work properly. I'd recommend going to the site that Remie mentioned and trying to troubleshoot it from there. Comodo aka InstantSSL has the cheapest, yet outstanding certificates that you can purchase. 2 years for $114. That's not bad. For now, I still haven't found a resolution for creating my own fully functional certificate yet.
 
Hi, the problem is DNS-based, as the built-in Microsoft CA points the http to the (local DNS) machine name.
For example, if your server is named SERVER and your local domain is local.company.com, the path to publish will be
(you can look this up in the certificate details)
In your AD DNS the server can only have a local IP (i.e. 192.168.1.2), so this can't be found...

So what you need to change is this path.
I couldn't find anything, so I dived into the registry and changed the following keys.

HKEY_LOCAL_MACHINE/CURRENTCONTROLSET/SERVICES/CERTSERV/CONFIGURATION/"COMPANYNAME"
KEY: CACertPublicationURLs
KEY: CRLPublicationURLs
where after the http:// I changed the %1 into the "outside DNS name" (where OWA is to be accessed), i.e. mail.company.com
And that solved the problem and it is very quick again!

Don't forget to restart services and remove current certificates in IE.

Good luck,

You can mail me if you want.
John@os2.nl
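
An added example, not part of the original thread: a small check for the condition described in the post above, where the publication URLs embedded in an issued certificate point at names that only resolve inside the LAN. It reads the `URL=` lines as shown in the certificate details and flags the ones an outside client cannot fetch. The sample text, the `CertEnroll` paths and the `CompanyCA` name are constructed; the host names and IP address are the ones used in the post.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed sample of the "URL=" lines shown in a certificate's details
# (CRL Distribution Points / Authority Information Access); not real data.
SAMPLE_DETAILS = """\
[1]CRL Distribution Point
     Full Name:
          URL=ldap:///CN=CompanyCA,CN=SERVER,CN=CDP,DC=local,DC=company,DC=com
          URL=http://server.local.company.com/CertEnroll/CompanyCA.crl
          URL=http://SERVER/CertEnroll/CompanyCA.crl
[1]Authority Info Access
     Alternative Name:
          URL=http://192.168.1.2/CertEnroll/CompanyCA.crt
          URL=http://mail.company.com/CertEnroll/CompanyCA.crt
"""

def external_problem(url, internal_suffixes=("local.company.com",)):
    """Return why an outside client cannot fetch this URL, or None if it looks fine."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if parts.scheme.lower() not in ("http", "https"):
        return "non-HTTP scheme (directory or file path, internal only)"
    if not host:
        return "no host name"
    try:
        if not ipaddress.ip_address(host).is_global:
            return "non-routable IP address"
        return None
    except ValueError:
        pass  # not an IP literal, treat it as a DNS name
    if "." not in host:
        return "single-label machine name"
    if any(host == s or host.endswith("." + s) for s in internal_suffixes):
        return "internal DNS suffix"
    return None

def audit_publication_urls(details_text, internal_suffixes=("local.company.com",)):
    """Map every URL= entry in the details text to its problem (or None)."""
    urls = re.findall(r"URL=(\S+)", details_text)
    return {u: external_problem(u, internal_suffixes) for u in urls}

if __name__ == "__main__":
    for url, problem in audit_publication_urls(SAMPLE_DETAILS).items():
        print(("FIX  " if problem else "OK   ") + url, "-", problem or "public name")
```

Certificates issued before the publication URLs were changed still carry the old entries, so the check is run against a certificate issued afterwards.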
 