• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1451
  • Last Modified:

SSL certificate error thru OWA in SBS 2003

I installed a go daddy turbo ssl certificate on my win 2003 sbs. I used the instructions ggiven at:-

"You'll find EXACT instructions on how to install the certificate here:  http://sbsurl.com/ssl

Jeff
TechSoEasy"

However,when I access exchange thru OWA,I still get certiciate error on the top?Even after I install the certificate in the trusted root certificates??

How do I solve this pls?Thks in advance.
0
Amritash
Asked:
Amritash
  • 10
  • 4
  • 3
1 Solution
 
budchawlaCommented:
Did you install the intermediate cert? Look at GoDaddy's IIS cert installation instructions...
0
 
budchawlaCommented:
I've found that you can install the intermediate cert after installing your cert and it still works, so you shouldn't need to re-provision the certificate.

Also, note that some WM5 devices don't have the GoDaddy trusted root cert, so you may need to install the (root) cert manually... some vendors strip out some certs from the base set that MS ship in their image...
0
 
redseatechnologiesCommented:
You want to post a source link for your data above budchawla?

And what is the certificate complaining about?  Name?
0
Get your Disaster Recovery as a Service basics

Disaster Recovery as a Service is one go-to solution that revolutionizes DR planning. Implementing DRaaS could be an efficient process, easily accessible to non-DR experts. Learn about monitoring, testing, executing failovers and failbacks to ensure a "healthy" DR environment.

 
budchawlaCommented:
I would've posted the link but I got the instructions thru my GoDaddy SSL account. Now I've checked and it seems that it's accessible any which way :-)
https://certificates.godaddy.com/InstallationInstructions_alt.go
0
 
budchawlaCommented:
Apologies, and that's cool - I copy/pasted because I (mistakenly) thought that the info wasn't available on the public site...
0
 
AmritashAuthor Commented:
1) Error is:- ' The security certificate presented by this website was issued for a different website's address.

This problem may indicate an atempt to fool ...'

2) Re: Link given fr godaddy ssl instructions

How do I know if I am on IIS 4,5 or 6?

3) Where do I find the intermediate certificate as I did not get it when I got my ceritificate. Infact I did not receive an email fm godaddy and after enquiring was given an url where I cud download the certificate.There were a number of options of different types.Shud i go thru the whole process again and reissue the certificate. Can anyone pls guide me to step by step instructions.
0
 
budchawlaCommented:
Hi
You've got to check a couple of things:
1. Have you got the cert details & common name right? This should be the full domain name you use to access your OWA, such as owa.mydomain.com
Note that turbo SSL certs aren't wildcard certs.
2. Are you accessing your OWA site using the FQDN as opposed to the local address from within the network i.e. https://server/exchange
3. When your cert was issued, you should have been sent a link to a zip file containing both your new cert as well as the intermediate. If not, you should still be able to log into your SSL account and download this zip file. Failing that, the intermediate bundle for IIS is available from https://certificates.godaddy.com/Repository.go , download the Go Daddy PKCS7 Certificate Intermediates Bundle (for Windows IIS), the file is called gd_iis_intermediates.p7b.



0
 
budchawlaCommented:
AFAIK, if you're running SBS 2003 then you're pretty much definitely running IIS 6 unless you've up/downgraded IIS manually!
0
 
redseatechnologiesCommented:
It is clearly a naming problem

What is the name on the certificate, and what name are you trying to access the server on?
0
 
AmritashAuthor Commented:
When I use https://server/exchange,i do not get an error but a lock icon.

When I use http://server ip/exchange I get a certificate error??

Is this what u mean? What am i doing wrong?
0
 
budchawlaCommented:
OK here's the thing:
Your SSL cert is assigned for a particular hostname. You should have provisioned the cert for something like owa.yourdomain.com or mail.yourdomain.com so that when users connect to OWA over the internet, the name matches that on the cert.

If you get a lock icon when typing in https://server/exchange then you've probably provisioned the cert for your internal name rather than the public FQDN of your SBS server.

And if you type in the IP address then you will definitely get a certificate error since there is a mismatch: the cert is for a domain name, not an IP address. Why are you using an IP to reach the server?
0
 
budchawlaCommented:
What is the common name on the cert you've provisioned?
0
 
redseatechnologiesCommented:
You can't use an SSL certificate without error on an IP address - that isn't how they work.
0
 
AmritashAuthor Commented:
SO shud I change something or not?
0
 
budchawlaCommented:
I can only tell you if you need to change something if I know what it currently is.

- You *should* try to access your OWA via the internet FQDN. You haven't told us what this is, so something like https://owa.yourdomain.com/exchange
- Your certificate common name should match the hostname above, i.e. the cert should be in the name of owa.yourdomain.com (you haven't told us what the name on your cert is)

If this is how you've got things set up then NO, you don't need to change anything.

If this isn't how you're set, then YES you need to change something!
0
 
AmritashAuthor Commented:
The situation is that the certificate in OWA seems to comeform publishing.domainname.com

When I access https://servername/exchange, i do not get any error,only the lock icon

Any other way gives me an error. using the https://owa.yourdomainname/exchange gives a proxy error 502?
0
 
budchawlaCommented:
Are you able to provide the OWA URL so that we can see for ourselves? It would save a heck of a lot of going back-and-forth...
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 10
  • 4
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now