amlydiate
asked on
Messed up Exchange trying to install self generated SSL certificate
Please help!
I've tried to create my own SSL certificate for OWA on a Windows 2003 SBS server. Suffice to say it didn't work and now when I try to make changes to Public Folders in Exchange System Manager I get "The SSL Certificate Server Name is Invalid" I have removed the "use SSL" tick boxes from the Exadmin, Exchweb, Exchange and Public sites in IIS and have run the resetIIS command, however I still get the error. I then thought about just trying to delete the certificate however I don't know how to do this and didn't want to get myself in any deeper so this a cry for help! Can anyone please advise how I go about at least returning the system to how it was before attempting to use my own incorrectly set up SSL certificate?
This is urgent so would appreciate any quick response!
All the best
Adam
I've tried to create my own SSL certificate for OWA on a Windows 2003 SBS server. Suffice to say it didn't work and now when I try to make changes to Public Folders in Exchange System Manager I get "The SSL Certificate Server Name is Invalid" I have removed the "use SSL" tick boxes from the Exadmin, Exchweb, Exchange and Public sites in IIS and have run the resetIIS command, however I still get the error. I then thought about just trying to delete the certificate however I don't know how to do this and didn't want to get myself in any deeper so this a cry for help! Can anyone please advise how I go about at least returning the system to how it was before attempting to use my own incorrectly set up SSL certificate?
This is urgent so would appreciate any quick response!
All the best
Adam
Run the Internet and Email wizard again. That will reset everything back to how it was before, including a replacement SSL certificate.
Simon.
--
If your question has been answered, pleased remember to accept the answer and close the question.
Simon.
--
If your question has been answered, pleased remember to accept the answer and close the question.
ASKER
Hi Sembee,
I have run the wizard but it gives me a choice of creating a new web based SSL Certificate, using a web server certificate from a trusted authority, or leave the certificate as it is. None of these options seem appropriate if I want no certificate at all...
If however I was to create a new one, I don't know what to put in as the web server name, I tried before using the URL I created for them to use OWA (i.e. mail.example.com) however this didn't work before, should I just be using the server name itself? (i.e. 2K3Server)
Thanks for your help so far!
Adam
I have run the wizard but it gives me a choice of creating a new web based SSL Certificate, using a web server certificate from a trusted authority, or leave the certificate as it is. None of these options seem appropriate if I want no certificate at all...
If however I was to create a new one, I don't know what to put in as the web server name, I tried before using the URL I created for them to use OWA (i.e. mail.example.com) however this didn't work before, should I just be using the server name itself? (i.e. 2K3Server)
Thanks for your help so far!
Adam
There is no "no certificate" option. If you have messed up the directories then initially choose the option to create a new certificate. That will reset everything to how it was out of the box with SBS.
What you use for the SSL certificate name doesn't really matter as the certificate will not be trusted. You would need to replace the certificate only with a commercial SSL certificate to get round the trust issues.
When you are purchasing an SSL certificate it would be the external address used for the server - so mail.domain.com if you are using that. No https, / anything, just the host name.
Simon.
What you use for the SSL certificate name doesn't really matter as the certificate will not be trusted. You would need to replace the certificate only with a commercial SSL certificate to get round the trust issues.
When you are purchasing an SSL certificate it would be the external address used for the server - so mail.domain.com if you are using that. No https, / anything, just the host name.
Simon.
ASKER
Hi Simon thanks very much for that, it seems to have worked, when I now connect via OWA it still says that the certificate is not trusted, is there a way that I can stop this from happening on client machines? Promise I'll award the points in a moment but if you could answer that one last thing that would be great! Thanks
Adam
Adam
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Simon, I'm really grateful for all your advice, points awarded and fully deserved!
All the best
Adam
All the best
Adam
Also, I have gotten around SSL errors by your process, but I resarted IIS after making those changes.