Solved

SSL cert pop-up when accessing OWA with a CNAME

Posted on 2004-03-23
6
974 Views
Last Modified: 2006-11-17
I have a new E2K server that work just fne, there is however one niggly little annoyance. The SSL cert pops up when users access the OWA with a CNAME, is there anyway around?

https://realhostname.domain.com/exchange --> no SSL popup
https://cname.domain.com/exchange --> SSL popup
0
Comment
Question by:froggy_bill
  • 3
  • 2
6 Comments
 
LVL 8

Expert Comment

by:Emptyone
ID: 10664819
The reason is that you have issued the certificate with the servers realhostname. If you want them to reach the server on a different name, for instance from internet, then you would have to issue the certificate in that name
0
 
LVL 4

Expert Comment

by:rhettlee
ID: 10676393
Bill,
Have you tried clicking the "View Certificate" and then importing it when accessing the OWA using the CNAME? Your still accessing the same server right? So they are both sites is issuing the same certificate.
0
 

Author Comment

by:froggy_bill
ID: 10689671
let me give that a try...brb
0
Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

 

Author Comment

by:froggy_bill
ID: 10689719
Nope...
'This certificate cannot be trusted up to a trusted certificate authority.'
0
 

Author Comment

by:froggy_bill
ID: 10689846
this works...
You will have received 3 Certificates. Save these Certificates to the desktop of the webserver machine, then:

Click the Start Button then selct Run and type mmc
Click File and select Add/Remove Snap in
Select Add, select Certificates from the Add Standalone Snap-in box and click Add
Select Computer Account and click Finish
Close the Add Standalone Snap-in box, click OK in the Add/Remove Snap in
Return to the MMC
To install the TrustRoot Certificate:


Right click the Trusted Root Certification Authorities, select All Tasks, select Import.


Click Next.


Locate the TrustRoot Certificate and click Next.
When the wizard is completed, click Finish.
To install the SecurityServicesCA Certificate:


Right click the Intermediate Certification Authorities, select All Tasks, select Import.
Complete the import wizard again, but this time locating the SecurityServicesCA Certificate when prompted for the Certificate file.
Ensure that the TrustRoot certificate appears under Trusted Root Certification Authorities
Ensure that the SecurityServicesCA appears under Intermediate Certification Authorities
Installing your IIS SSL Certificate:
Select Administrative Tools
Start Internet Services Manager


Open the properties window for the website. You can do this by right clicking on the Default Website and selecting Properties from the menu.
Open Directory Security by right clicking on the Directory Security tab


Click Server Certificate.

Choose to Process the Pending Request and Install the Certificate. Click Next.
Enter the location of your IIS SSL certificate (you may also browse to locate your IIS SSL certificate), and then click Next.
Read the summary screen to be sure that you are processing the correct certificate, and then click Next.
You will see a confirmation screen. When you have read this information, click Next.
You now have an IIS SSL server certificate installed.
Important: You must now restart the computer to complete the install

You may want to test the Web site to ensure that everything is working correctly. Be sure to use when you test connectivity to the site.
0
 
LVL 8

Accepted Solution

by:
Emptyone earned 125 total points
ID: 10691021
To just have one certificate, make add a host in your DNS pointing do your exchange server with the same name you want it to be reached from on the internet.

Exchange server name: exchange.domain.com
Host added to DNS: mail.domain.com
Used on internet: mail.domain.com

Certificate issued on this address: mail.domain.com

0

Featured Post

The problems with reply email signatures

Do you wish that you could place an email signature under a reply? Well, unfortunately, you can't. That great Exchange/Office 365 signature you've created will just appear at the bottom of an email chain. What a pain! Is there really no way to solve this? Well, there might be...

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Local Continuous Replication is a cost effective and quick way of backing up Exchange server data. The following article describes the steps required to configure Local Continuous Replication. Also, the article tells you how to restore from a backup…
Learn to move / copy / export exchange contacts to iPhone without using any software. Also see the issues in configuration of exchange with iPhone to migrate contacts.
In this video we show how to create a Shared Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Sha…
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…

919 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now