Link to home
Create AccountLog in
Avatar of amlydiate
amlydiate

asked on

Messed up Exchange trying to install self generated SSL certificate

Please help!

I've tried to create my own SSL certificate for OWA on a Windows 2003 SBS server.  Suffice to say it didn't work and now when I try to make changes to Public Folders in Exchange System Manager I get "The SSL Certificate Server Name is Invalid" I have removed the "use SSL" tick boxes from the Exadmin, Exchweb, Exchange and Public sites in IIS and have run the resetIIS command, however I still get the error.  I then thought about just trying to delete the certificate however I don't know how to do this and didn't want to get myself in any deeper so this a cry for help! Can anyone please advise how I go about at least returning the system to how it was before attempting to use my own incorrectly set up SSL certificate?

This is urgent so would appreciate any quick response!

All the best

Adam
Avatar of chingmd
chingmd

When you created the SSL certificate, did you use the name of the server or what you wanted people to use to go to it?

Also, I have gotten around SSL errors by your process, but I resarted IIS after making those changes.

Run the Internet and Email wizard again. That will reset everything back to how it was before, including a replacement SSL certificate.

Simon.

--
If your question has been answered, pleased remember to accept the answer and close the question.
Avatar of amlydiate

ASKER

Hi Sembee,

I have run the wizard but it gives me a choice of creating a new web based SSL Certificate, using a web server certificate from a trusted authority, or leave the certificate as it is. None of these options seem appropriate if I want no certificate at all...

If however I was to create a new one, I don't know what to put in as the web server name, I tried before using the URL I created for them to use OWA (i.e. mail.example.com) however this didn't work before, should I just be using the server name itself? (i.e. 2K3Server)

Thanks for your help so far!

Adam
There is no "no certificate" option. If you have messed up the directories then initially choose the option to create a new certificate. That will reset everything to how it was out of the box with SBS.

What you use for the SSL certificate name doesn't really matter as the certificate will not be trusted. You would need to replace the certificate only with a commercial SSL certificate to get round the trust issues.
When you are purchasing an SSL certificate it would be the external address used for the server - so mail.domain.com if you are using that. No https, / anything, just the host name.

Simon.
Hi Simon thanks very much for that, it seems to have worked, when I now connect via OWA it still says that the certificate is not trusted, is there a way that I can stop this from happening on client machines? Promise I'll award the points in a moment but if you could answer that one last thing that would be great! Thanks

Adam
ASKER CERTIFIED SOLUTION
Avatar of Sembee
Sembee
Flag of United Kingdom of Great Britain and Northern Ireland image

Link to home
membership
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
Simon, I'm really grateful for all your advice, points awarded and fully deserved!

All the best

Adam