Link to home
Start Free TrialLog in
Avatar of Amritash
Amritash

asked on

SSL certificate error thru OWA in SBS 2003

I installed a go daddy turbo ssl certificate on my win 2003 sbs. I used the instructions ggiven at:-

"You'll find EXACT instructions on how to install the certificate here:  http://sbsurl.com/ssl

Jeff
TechSoEasy"

However,when I access exchange thru OWA,I still get certiciate error on the top?Even after I install the certificate in the trusted root certificates??

How do I solve this pls?Thks in advance.
Avatar of budchawla
budchawla
Flag of United Kingdom of Great Britain and Northern Ireland image

Did you install the intermediate cert? Look at GoDaddy's IIS cert installation instructions...
I've found that you can install the intermediate cert after installing your cert and it still works, so you shouldn't need to re-provision the certificate.

Also, note that some WM5 devices don't have the GoDaddy trusted root cert, so you may need to install the (root) cert manually... some vendors strip out some certs from the base set that MS ship in their image...
Avatar of redseatechnologies
You want to post a source link for your data above budchawla?

And what is the certificate complaining about?  Name?
I would've posted the link but I got the instructions thru my GoDaddy SSL account. Now I've checked and it seems that it's accessible any which way :-)
https://certificates.godaddy.com/InstallationInstructions_alt.go
Apologies, and that's cool - I copy/pasted because I (mistakenly) thought that the info wasn't available on the public site...
Avatar of Amritash
Amritash

ASKER

1) Error is:- ' The security certificate presented by this website was issued for a different website's address.

This problem may indicate an atempt to fool ...'

2) Re: Link given fr godaddy ssl instructions

How do I know if I am on IIS 4,5 or 6?

3) Where do I find the intermediate certificate as I did not get it when I got my ceritificate. Infact I did not receive an email fm godaddy and after enquiring was given an url where I cud download the certificate.There were a number of options of different types.Shud i go thru the whole process again and reissue the certificate. Can anyone pls guide me to step by step instructions.
Hi
You've got to check a couple of things:
1. Have you got the cert details & common name right? This should be the full domain name you use to access your OWA, such as owa.mydomain.com
Note that turbo SSL certs aren't wildcard certs.
2. Are you accessing your OWA site using the FQDN as opposed to the local address from within the network i.e. https://server/exchange
3. When your cert was issued, you should have been sent a link to a zip file containing both your new cert as well as the intermediate. If not, you should still be able to log into your SSL account and download this zip file. Failing that, the intermediate bundle for IIS is available from https://certificates.godaddy.com/Repository.go , download the Go Daddy PKCS7 Certificate Intermediates Bundle (for Windows IIS), the file is called gd_iis_intermediates.p7b.



AFAIK, if you're running SBS 2003 then you're pretty much definitely running IIS 6 unless you've up/downgraded IIS manually!
It is clearly a naming problem

What is the name on the certificate, and what name are you trying to access the server on?
When I use https://server/exchange,i do not get an error but a lock icon.

When I use http://server ip/exchange I get a certificate error??

Is this what u mean? What am i doing wrong?
ASKER CERTIFIED SOLUTION
Avatar of budchawla
budchawla
Flag of United Kingdom of Great Britain and Northern Ireland image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
What is the common name on the cert you've provisioned?
You can't use an SSL certificate without error on an IP address - that isn't how they work.
SO shud I change something or not?
I can only tell you if you need to change something if I know what it currently is.

- You *should* try to access your OWA via the internet FQDN. You haven't told us what this is, so something like https://owa.yourdomain.com/exchange
- Your certificate common name should match the hostname above, i.e. the cert should be in the name of owa.yourdomain.com (you haven't told us what the name on your cert is)

If this is how you've got things set up then NO, you don't need to change anything.

If this isn't how you're set, then YES you need to change something!
The situation is that the certificate in OWA seems to comeform publishing.domainname.com

When I access https://servername/exchange, i do not get any error,only the lock icon

Any other way gives me an error. using the https://owa.yourdomainname/exchange gives a proxy error 502?
Are you able to provide the OWA URL so that we can see for ourselves? It would save a heck of a lot of going back-and-forth...