Solved

Expired Self-Issued Certificate

Posted on 2006-11-22
Medium Priority
745 Views
Last Modified: 2012-05-05
I have Exchange 2003 SP2 running OWA with a self-issued certificate from the CA running on the local Exchange Server.  It was valid for 2004-2006 and expired a few months ago.  This normally doesn't matter, we just use it for internal SSL for OWA.  

I'm now setting up Microsoft Direct Push, and I got it to work over unsecured HTTP. I want to secure the data between the mobile devices and the server by using SSL, but the mobile devices don't like our expired certificate. I recently revoked the certificate to create a new one.

I created a dummy site in IIS, and went through the wizard to create a new certificate, but it hasn't shown up anywhere yet.

Please advise on the best technique for me to run our OWA and Exchange Active Sync under a non-expired Cert so I can continue my project.

Just for sport, I was given a Thanksgiving deadline yesterday on implementing Direct Push for Mobile devices for the company so the boss can see how well it works.

Question by:dempsedm
6 Comments
 
LVL 26

Accepted Solution

by:
jar3817 earned 210 total points
ID: 17999961
Buy a real cert from a trusted authority. I could be wrong, but I've heard you need a trusted cert for direct push (and rpc over https) to work properly. You can get one for $20/yr at godaddy.com.
0
 
LVL 4

Author Comment

by:dempsedm
ID: 17999980
I may consider this, but for testing purposes was hoping to use my own.
0
 
LVL 4

Author Comment

by:dempsedm
ID: 17999983
Also, I have used RPC over https with self cert.
0

 
LVL 4

Author Comment

by:dempsedm
ID: 18000025
To clarify, you do need a trusted cert, but you can add your own to be trusted.  Some are already "pre-trusted" from verisign, etc.  I have installed the cert properly to the device, but it expired a few months ago.
0
 
LVL 7

Assisted Solution

by:dlangr
dlangr earned 150 total points
ID: 18000195
See http://www.isaserver.org/tutorials/2004owafba.html for a good explanation of how to use your own self-signed certificate; you can leave out the ISA part if you don't use it.

If you are using self-signed certificates, you usually have to edit the registry of the mobile devices to allow importing self-signed certificates, or use a tool like http://www.jacco2.dds.nl/networking/pfximprt.html#Using_pfximprt
0
 
LVL 8

Assisted Solution

by:deadite
deadite earned 150 total points
ID: 18000839
If you want to set up SSL (for free) you can create your own CA, generate the cert request, then have your CA make the cert. Here are simple step-by-step directions to do this:
http://www.msexchange.org/tutorials/SSL_Enabling_OWA_2003.html

In addition, you will probably want to automatically redirect HTTP traffic to use HTTPS.  For instance, if you enter http://server/exchange it will forward it to https://server/exchange.  Here is an MS article outlining this:
http://support.microsoft.com/kb/839357

0
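
Added example, not part of the thread: the sequence from the last answer (own CA, certificate request, CA-issued certificate) reproduced with OpenSSL standing in for the Windows CA and IIS wizard, followed by checks showing that trust and expiry fail independently, which is the situation the asker describes. The CA name, host name and file names are constructed.

```shell
#!/bin/sh
# Added example (not from the thread). All names below are constructed.

make_pki() {  # $1 = empty working directory
    d=$1
    cat > "$d/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Example Internal CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
    # 1. Private CA: self-signed root certificate, valid 10 years.
    openssl req -x509 -config "$d/ca.cnf" -newkey rsa:2048 -nodes -days 3650 \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null || return 1
    # 2. Server key plus certificate request (counterpart of the IIS wizard's request).
    openssl req -new -config "$d/ca.cnf" -subj "/CN=mail.example.internal" \
        -newkey rsa:2048 -nodes -keyout "$d/srv.key" -out "$d/srv.csr" \
        2>/dev/null || return 1
    # 3. The CA signs the request; the server certificate is valid 365 days.
    openssl x509 -req -in "$d/srv.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 365 -out "$d/srv.pem" 2>/dev/null
}

verdict() {  # $@ = options for `openssl verify`, ending with the certificate
    out=$(openssl verify "$@" 2>&1)
    case $out in
        *"certificate has expired"*) echo expired ;;
        *"unable to get local issuer"*) echo untrusted ;;
        *": OK"*) echo ok ;;
        *) echo other ;;
    esac
}

work=$(mktemp -d) && make_pki "$work" || exit 1
later=$(( $(date +%s) + 400 * 86400 ))   # a date after the 365-day lifetime
echo "CA installed as trusted:     $(verdict -CAfile "$work/ca.pem" "$work/srv.pem")"
echo "CA not installed on client:  $(verdict "$work/srv.pem")"
echo "trusted, but 400 days later: $(verdict -CAfile "$work/ca.pem" -attime "$later" "$work/srv.pem")"
rm -rf "$work"
```

Installing the CA certificate on a client clears the trust failure only; once the validity period has passed the certificate is rejected regardless and has to be reissued.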
