Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Chris Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

OWA certificate problem / CSR mistake?

Status
Not open for further replies.

MillMaster

IS-IT--Management
Jan 23, 2006
82
US
Here is the basic rundown to start:

SBS running Exchange 2003
OWA is running under the Default Website with Home Directory redirected to /exchange
Was using self-signed cert.

I recently registered an A record so users didn't have to deal with entering the IP address anymore
(A record points to one of my public IP's, router has 1-to-1 NAT to the SBS server)

I also bought a basic SSL cert to get rid of the cert errors users would see when going to the site.

I installed the certificates correctly, however users still see the certificate error when going to the site.

I think I may have made a mistake when filling out the CSR. Should I have used the domain name I registered, my public IP address or my private IP address on the CSR?

 
The only name on the certificate you should have applied for is "server.domain.com" where "server" is the URL that you access from the Internet.
The warning message will tell you three things;
Whether the cert is in date.
Whether the cert is trusted by the PC you're using.
Whether the name on the cert (on the server) matches the URL you used to get to the server.

Which one (or ones) did you get a yellow triangle for?
 
I got yellow triangles for the second and third items you mentioned. I can install the cert and the trusted error goes away, but the 3rd (name on the cert matching) stays. (I think this problem is due to GoDaddy's intermediate certificate not installing right, though I import it into the Intermediate Cert folder and it says it has been imported, I dont see anything denoting in in that folder)

Do I need to denote the server name in IIS anyplace?

The CSR was made for
My A-record for domain.com and Cname for to a
GoDaddy redirection IP address. The redirector is set to
That IP address is mapped 1-to1 NAT to my exchange server, which is also my SBS 2003 server.

I am running OWA under the default website. IP address is set to all unassigned. I have only 1 identity for 80 and 443.
 
I dont think you can do a redirect like that with an ssl cert. Im not certain but i want to say that goes against the security thing because it technically isnt the server name anymore.

Wm. Reynolds
RRWDS | TxPSS


- - - - - - - - - - - - -
Network Error:
Hit any user to continue
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top