Solved

How do I create Exchange 2003 Certificate and install in ISA 2004 to access OWA through https:

Posted on 2007-11-18
5
1,254 Views
Last Modified: 2008-11-17
I had a problem in exchange 2003 STD Server and I had to format and reinstall Exchange 2003. I deleted the Certificate ( in fact forgot the password for the .pfx certificate). Now I need to create a new certificate on Exchange and than create a rule on ISA 2004 and show this certificate. Please can you guide me the configuration steps as well as creating a new certificate for ISA.
Also I had a firewall client installed in Exchange 2003 Server which we have removed. We think it was the reason for our Exchange Server hanging very often. So do I need to reinstall the firewall client to access the Exchange Server. My ISA server is in DMZ behind PIX firewall. My exchange server is in private network. My Operating system is Windows 2003  STD edition. Please guide the configuration for both ISA and Exchange
0
Comment
Question by:irfan_sj
  • 3
  • 2
5 Comments
 
LVL 7

Expert Comment

by:mcse2007
ID: 20310321
There are two ways to obtain SSL certificate for OWA and these

1) buy Commercial Certificate for SSL (e.g www.godaddy.com) and install the certificate - this is an expensive way deploying certificate;
2) install CA authority from Windows 2003 Server - inexpensive way of deplyoing certificate because its free.

The latter is the good choice if you cannot afford to pay for the commercial certificate.

Useful links:
How to install CA in Windows 2003 Server: http://www.petri.co.il/install_windows_server_2003_ca.htm

Requesting a New Server Certificate from an Online CA (IIS 6.0): http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/d693beec-e151-44fa-9f7e-80770de6bb9d.mspx?mfr=true

Better still, http://www.msexchange.org/tutorials/SSL_Enabling_OWA_2003.html

Note: You will need to open the port 443 (SSL) in your PIX firewall to be able to access OWA from the public network.

thanks,
mcse2007
0
 
LVL 7

Expert Comment

by:mcse2007
ID: 20310338
ISA 2004: Publishing OWA Sites using ISA Firewall Web Publishing Rules (2004) Version 1.1
http://www.isaserver.org/articles/2004pubowartm.html

cheers,
mcse2007

0
 

Author Comment

by:irfan_sj
ID: 20314411
Hello, I did as recommended. Installed CA , created certficate. Copied to c:\ drive of ISA server. Cretaed a new OWA publish rule.

Now when I try t access OWA from Internet the page doesn't open. I get a error on the http:  screen as
"Certificate Error".
When I click on it I get the certificate information
The certificate cannot be verified upto a trusted certification authority.
Issued to mail.dnata.com.sa
issued by dnsa_kh_hq_ex04
valid from 11/19/2007 to 11/18/2009
0
 
LVL 7

Accepted Solution

by:
mcse2007 earned 500 total points
ID: 20315926
Before you attempt to access OWA from external, try accessing it first in your LAN.

Are you able to make successful connection to OWA from your LAN? If yes, most likely the issue is coming from ISA - triple check your work base from those links mentioned above. Even one or two simple step omitted is enough to prevent you from accessing OWA from public network.

The reason your CA cannot be verified because it came from a private CA authority, your server (unlike verisign certificates are authorised and pre-loaded into microsoft O/S). Install the certificate into the pc accessing the OWA under the trusted root certificate folder so it will be trusted.
0
 

Author Comment

by:irfan_sj
ID: 20333041
Hi, Thanks for your feedback. I am able to access OWA from LAN. I am now able to access from internet also the only problem being it refects that there is a certificate error. You mentioned iinstall the certificate into the PC accessing the OWA under the trusted root certificate folder. Can you provide link for this.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Scam emails are a huge burden for many businesses. Spotting one is not always easy. Follow our tips to identify if an email you receive is a scam.
This article lists the top 5 free OST to PST Converter Tools. These tools save a lot of time for users when they want to convert OST to PST after their exchange server is no longer available or some other critical issue with exchange server or impor…
In this video we show how to create a User Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Mailb…
To show how to create a transport rule in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Rules tab.:  To cr…

831 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question