Solved

Expired Self-Issued Certificate

Posted on 2006-11-22
6
733 Views
Last Modified: 2012-05-05
I have Exchange 2003 SP2 running OWA with a self-issued certificate from the CA running on the local Exchange Server.  It was valid for 2004-2006 and expired a few months ago.  This normally doesn't matter, we just use it for internal SSL for OWA.  

I'm now setting up Microsoft Direct Push, and I got it to work unsecured http.  I want to secure the data between the mobile devices and the server by using SSL, but the mobile devices don't like our expired certificate.  I recently revoked the certificate to create a new one.  

I created a dummy site in IIS, and went through the wizard to create a new certificate, but it hasn't shown up anywhere yet.

Please advise on the best technique for me to run our OWA and Exchange Active Sync under a non-expired Cert so I can continue my project.

Just for sport, I was given a Thanksgiving deadline yesterday on implementing Direct Push for Mobile devices for the company so the boss can see how well it works.

0
Comment
Question by:dempsedm
6 Comments
 
LVL 26

Accepted Solution

by:
jar3817 earned 70 total points
ID: 17999961
Buy a real cert from a trusted authority. I could be wrong, but I've heard you need a trusted cert for direct push (and rpc over https) to work properly. You can get one for $20/yr at godaddy.com.
0
 
LVL 4

Author Comment

by:dempsedm
ID: 17999980
I may consider this, but for testing purposes was hoping to use my own.
0
 
LVL 4

Author Comment

by:dempsedm
ID: 17999983
Also, I have used RPC over https with self cert.
0
Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

 
LVL 4

Author Comment

by:dempsedm
ID: 18000025
To clarify, you do need a trusted cert, but you can add your own to be trusted.  Some are already "pre-trusted" from verisign, etc.  I have installed the cert properly to the device, but it expired a few months ago.
0
 
LVL 7

Assisted Solution

by:dlangr
dlangr earned 50 total points
ID: 18000195
see http://www.isaserver.org/tutorials/2004owafba.html for a good explanation of how to use your own self-signed certificate, you can leave out the isa part if you don't use it.

If you are using self-signed certificates you usually have to edit the registry of the mobile devices to allow importing self signed certificates or use a tool like http://www.jacco2.dds.nl/networking/pfximprt.html#Using_pfximprt
0
 
LVL 8

Assisted Solution

by:deadite
deadite earned 50 total points
ID: 18000839
If you want to setup SSL (for free) you can create your own SA, generate the cert request, then have your CA make the cert.  Here is a simple step by step direction to do this:
http://www.msexchange.org/tutorials/SSL_Enabling_OWA_2003.html

In addition, you will probably want to automatically redirect HTTP traffic to use HTTPS.  For instance, if you enter http://server/exchange it will forward it to https://server/exchange.  Here is an MS article outlining this:
http://support.microsoft.com/kb/839357

0

Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Cisco Access point 6 86
managing a small network 6 80
Current date-time from Available WiFi connections 10 25
Lightweight Networking 9 31
PRTG Network Monitor lets you monitor your bandwidth usage, so you know who is using up your bandwidth, and what they're using it for.
When you try to share a printer , you may receive one of the following error messages. Error message when you use the Add Printer Wizard to share a printer: Windows could not share your printer. Operation could not be completed (Error 0x000006…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

815 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

8 Experts available now in Live!

Get 1:1 Help Now