• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 475
  • Last Modified:

Messed up Exchange trying to install self generated SSL certificate

Please help!

I've tried to create my own SSL certificate for OWA on a Windows 2003 SBS server.  Suffice to say it didn't work and now when I try to make changes to Public Folders in Exchange System Manager I get "The SSL Certificate Server Name is Invalid" I have removed the "use SSL" tick boxes from the Exadmin, Exchweb, Exchange and Public sites in IIS and have run the resetIIS command, however I still get the error.  I then thought about just trying to delete the certificate however I don't know how to do this and didn't want to get myself in any deeper so this a cry for help! Can anyone please advise how I go about at least returning the system to how it was before attempting to use my own incorrectly set up SSL certificate?

This is urgent so would appreciate any quick response!

All the best

Adam
0
amlydiate
Asked:
amlydiate
  • 3
  • 3
1 Solution
 
chingmdCommented:
When you created the SSL certificate, did you use the name of the server or what you wanted people to use to go to it?

Also, I have gotten around SSL errors by your process, but I resarted IIS after making those changes.

0
 
SembeeCommented:
Run the Internet and Email wizard again. That will reset everything back to how it was before, including a replacement SSL certificate.

Simon.

--
If your question has been answered, pleased remember to accept the answer and close the question.
0
 
amlydiateAuthor Commented:
Hi Sembee,

I have run the wizard but it gives me a choice of creating a new web based SSL Certificate, using a web server certificate from a trusted authority, or leave the certificate as it is. None of these options seem appropriate if I want no certificate at all...

If however I was to create a new one, I don't know what to put in as the web server name, I tried before using the URL I created for them to use OWA (i.e. mail.example.com) however this didn't work before, should I just be using the server name itself? (i.e. 2K3Server)

Thanks for your help so far!

Adam
0
Evaluating UTMs? Here's what you need to know!

Evaluating a UTM appliance and vendor can prove to be an overwhelming exercise.  How can you make sure that you're getting the security that your organization needs without breaking the bank? Check out our UTM Buyer's Guide for more information on what you should be looking for!

 
SembeeCommented:
There is no "no certificate" option. If you have messed up the directories then initially choose the option to create a new certificate. That will reset everything to how it was out of the box with SBS.

What you use for the SSL certificate name doesn't really matter as the certificate will not be trusted. You would need to replace the certificate only with a commercial SSL certificate to get round the trust issues.
When you are purchasing an SSL certificate it would be the external address used for the server - so mail.domain.com if you are using that. No https, / anything, just the host name.

Simon.
0
 
amlydiateAuthor Commented:
Hi Simon thanks very much for that, it seems to have worked, when I now connect via OWA it still says that the certificate is not trusted, is there a way that I can stop this from happening on client machines? Promise I'll award the points in a moment but if you could answer that one last thing that would be great! Thanks

Adam
0
 
SembeeCommented:
The trusted warning can only be dealt with in two ways.

1. Installing the certificate on to every machine.
2. Purchasing a certificate.

The first option, while it works, isn't very practical. When the certificate expires you have to repeat the process. Then it doesn't help when the users are away from the network or using non domain machines.

The second option is what I do. You can get trusted SSL certificates for US$20 - $60 a year if you look around (the sources are mentioned on this site frequently). They will be trusted and will not generate warnings for any clients, on or off site.

Simon.

--
If your question has been answered, pleased remember to accept the answer and close the question.
0
 
amlydiateAuthor Commented:
Simon, I'm really grateful for all your advice, points awarded and fully deserved!

All the best

Adam
0

Featured Post

SMB Security Just Got a Layer Stronger

WatchGuard acquires Percipient Networks to extend protection to the DNS layer, further increasing the value of Total Security Suite.  Learn more about what this means for you and how you can improve your security with WatchGuard today!

  • 3
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now