?
Solved

Expired Self-Issued Certificate

Posted on 2006-11-22
6
Medium Priority
?
740 Views
Last Modified: 2012-05-05
I have Exchange 2003 SP2 running OWA with a self-issued certificate from the CA running on the local Exchange Server.  It was valid for 2004-2006 and expired a few months ago.  This normally doesn't matter, we just use it for internal SSL for OWA.  

I'm now setting up Microsoft Direct Push, and I got it to work unsecured http.  I want to secure the data between the mobile devices and the server by using SSL, but the mobile devices don't like our expired certificate.  I recently revoked the certificate to create a new one.  

I created a dummy site in IIS, and went through the wizard to create a new certificate, but it hasn't shown up anywhere yet.

Please advise on the best technique for me to run our OWA and Exchange Active Sync under a non-expired Cert so I can continue my project.

Just for sport, I was given a Thanksgiving deadline yesterday on implementing Direct Push for Mobile devices for the company so the boss can see how well it works.

0
Comment
Question by:dempsedm
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 26

Accepted Solution

by:
jar3817 earned 210 total points
ID: 17999961
Buy a real cert from a trusted authority. I could be wrong, but I've heard you need a trusted cert for direct push (and rpc over https) to work properly. You can get one for $20/yr at godaddy.com.
0
 
LVL 4

Author Comment

by:dempsedm
ID: 17999980
I may consider this, but for testing purposes was hoping to use my own.
0
 
LVL 4

Author Comment

by:dempsedm
ID: 17999983
Also, I have used RPC over https with self cert.
0
Get real performance insights from real users

Key features:
- Total Pages Views and Load times
- Top Pages Viewed and Load Times
- Real Time Site Page Build Performance
- Users’ Browser and Platform Performance
- Geographic User Breakdown
- And more

 
LVL 4

Author Comment

by:dempsedm
ID: 18000025
To clarify, you do need a trusted cert, but you can add your own to be trusted.  Some are already "pre-trusted" from verisign, etc.  I have installed the cert properly to the device, but it expired a few months ago.
0
 
LVL 7

Assisted Solution

by:dlangr
dlangr earned 150 total points
ID: 18000195
see http://www.isaserver.org/tutorials/2004owafba.html for a good explanation of how to use your own self-signed certificate, you can leave out the isa part if you don't use it.

If you are using self-signed certificates you usually have to edit the registry of the mobile devices to allow importing self signed certificates or use a tool like http://www.jacco2.dds.nl/networking/pfximprt.html#Using_pfximprt
0
 
LVL 8

Assisted Solution

by:deadite
deadite earned 150 total points
ID: 18000839
If you want to setup SSL (for free) you can create your own SA, generate the cert request, then have your CA make the cert.  Here is a simple step by step direction to do this:
http://www.msexchange.org/tutorials/SSL_Enabling_OWA_2003.html

In addition, you will probably want to automatically redirect HTTP traffic to use HTTPS.  For instance, if you enter http://server/exchange it will forward it to https://server/exchange.  Here is an MS article outlining this:
http://support.microsoft.com/kb/839357

0

Featured Post

Secure Your WordPress Site: 5 Essential Approaches

WordPress is the web's most popular CMS, but its dominance also makes it a target for attackers. Our eBook will show you how to:

Prevent costly exploits of core and plugin vulnerabilities
Repel automated attacks
Lock down your dashboard, secure your code, and protect your users

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Short answer to this question: there is no effective WiFi manager in iOS devices as seen in Windows WiFi or Macbook OSx WiFi management, but this article will try and provide some amicable solutions to better suite your needs.
This month, Experts Exchange’s free Course of the Month is focused on CompTIA IT Fundamentals.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

801 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question