kingcastle
asked on
simple setup of rpc http
Hi
We have a very simple setup. One windows 2003 DC and one exchange 2003 server. Both servers are protected from the outside va a firewall.
Currently we have access to OWA via http:\\mail.mydomain.com\exchange and this works well for us. We do not use ssl anyhwere on the mail setup.
However now we would like to begin using RPC over HTTP. I have looked at some docs on the net about to get this going but all of them mention ssl somewhere in the loop. i was wondering if there is a simple set of steps i need to do to start this process of getting RPC over HTTP to work. I now nothing about ssl so real basic advice would be great.
ta
We have a very simple setup. One windows 2003 DC and one exchange 2003 server. Both servers are protected from the outside va a firewall.
Currently we have access to OWA via http:\\mail.mydomain.com\exchange and this works well for us. We do not use ssl anyhwere on the mail setup.
However now we would like to begin using RPC over HTTP. I have looked at some docs on the net about to get this going but all of them mention ssl somewhere in the loop. i was wondering if there is a simple set of steps i need to do to start this process of getting RPC over HTTP to work. I now nothing about ssl so real basic advice would be great.
ta
The feature should be called RPC over HTTPS because HTTPS is mandatory. There are some undocumented hacks around for doing it with HTTP, but I don't recommend them and would not suggest that you even try.
The first thing I would suggest is get an SSL certificate. A 30 day trial certificate will be fine. RapidSSL have those at http://www.rapidssl.com/ They also have full instructions on how to apply for and install their certificate.
Once you have the certificate, then you are in a position to setup RPC over HTTPS. My instructions are at http://www.amset.info/exchange/rpc-http.asp
Take note of the suggestion to get it working inside your firewall first, that can cause problems if you don't.
Simon.
The first thing I would suggest is get an SSL certificate. A 30 day trial certificate will be fine. RapidSSL have those at http://www.rapidssl.com/ They also have full instructions on how to apply for and install their certificate.
Once you have the certificate, then you are in a position to setup RPC over HTTPS. My instructions are at http://www.amset.info/exchange/rpc-http.asp
Take note of the suggestion to get it working inside your firewall first, that can cause problems if you don't.
Simon.
ASKER
thanks folks, im sorry if this sounds silly but once i get my sll cert what do i apply it to . Im thinking of buying this ssl from my isp its about 80 quid or so, so not a great deal but once i get what do i apply it to?
once again sorry if this seems silly
once again sorry if this seems silly
The certificates from RapidSSL are billed in US$, currently they cost £23 on the exchange rate (got to love the weak dollar).
Get the trial certificate first - that will get your feet wet on the process. The certificate is applied to the web site.
http://www.rapidssl.com/ssl-certificate-support/ssl-support.htm
Create the CCR as per their instructions. When you set the common name - that is the name you want to use externally - so mail.domain.com - no http or / anything - just the host name.
Get the trial certificate first - that will get your feet wet on the process. The certificate is applied to the web site.
http://www.rapidssl.com/ssl-certificate-support/ssl-support.htm
Create the CCR as per their instructions. When you set the common name - that is the name you want to use externally - so mail.domain.com - no http or / anything - just the host name.
ASKER
ok so i will buy the ssl we are going to use mail.mydomain.com for rpc. if i apply this an ssl will it affect my mail flow in anyway?
and will this also secure my http:\\mail.mydomain.com\exchange\exchange setup as well?
cheers
and will this also secure my http:\\mail.mydomain.com\exchange\exchange setup as well?
cheers
It will have nothing effect on email flow.
The SSL certificate will protect all web services on the server, so OWA, OMA, RPC over HTTPS. I have even used them for WSUS when installed on the same machine.
Simon.
The SSL certificate will protect all web services on the server, so OWA, OMA, RPC over HTTPS. I have even used them for WSUS when installed on the same machine.
Simon.
ASKER
cheers simon now the thing is that when i goto buy an ssl for our domain i .e mydoamin.com the ssl cert seems to want to apply to mydomain.com only but we use mail.mydomain.com for most of our email stuff which is basically just an a record we setup for mail. Im guessing we only need to ssl cert mail.mydomain.com? i dont really think an ssl cert for mydomain.com is needed or can you only ssl the top level domain name? or am i doing this totally wrong?
ta
ta
When you create the SSL certificate request set the common name as mail.domain.com, not just domain.com.
However before you request a certificate you will need an A record for that same host name, so if you want to use mail, then you will need a record of mail. If you receive email directly by SMTP then you may already have a host name that you can use.
Simon.
However before you request a certificate you will need an A record for that same host name, so if you want to use mail, then you will need a record of mail. If you receive email directly by SMTP then you may already have a host name that you can use.
Simon.
ASKER
currently our domain setup is as follows
Type Key value
MX @ mail.mydomain.com
A mail server wan ip address
a vpn vpn server wan ip address
we use mail.mydomain.com for all our email stuff ie OWA and smtp mail. what should i be asking y isp to put a ssl cert on?
cheers
Type Key value
MX @ mail.mydomain.com
A mail server wan ip address
a vpn vpn server wan ip address
we use mail.mydomain.com for all our email stuff ie OWA and smtp mail. what should i be asking y isp to put a ssl cert on?
cheers
On that basis I would suggest that the common name on the SSL certificate be set as mail.domain.com - you already have the A record in place, so nothing more DNS wise will be required.
Simon.
Simon.
ASKER
looks like my isp cant do this, they reckon i have to out the certificate on my domain name ie mydomain.com but i dont want to do this, we use our mydomain.com for a shopping type main site, i only want to ssl mail.mydomain.com which is an a record of the main domain.
Is what i am trying to do not possible?
Is what i am trying to do not possible?
Your ISP is a muppet. You don't have to get an SSL certificate from them. Just go to another SSL source, generate an SSL certificate with the common name of mail.domain.com and install it yourself. Ignore the ISP.
Simon.
Simon.
ASKER
cool i use that one you suggested earlier and post back
cheers
cheers
ASKER
its me again simon sorry, im trying to register with rapid ssl for the 30 day trial and then buy the cert outright if it works well for us.
I get as far as the generate you CSR and this is were im stumped....."Select the computer and web site (host) that you wish to secure.
Right mouse-click to select Properties"
which site should i be trying to secure my iis on my exchange server looks like this
Exadmin
Exchange
Exchange-Web
Microsoft-Web
OMA
Public
RPC
RPC with Cert
Bearing in mind we access our OWA via mail.mydomain.com
cheers
I get as far as the generate you CSR and this is were im stumped....."Select the computer and web site (host) that you wish to secure.
Right mouse-click to select Properties"
which site should i be trying to secure my iis on my exchange server looks like this
Exadmin
Exchange
Exchange-Web
Microsoft-Web
OMA
Public
RPC
RPC with Cert
Bearing in mind we access our OWA via mail.mydomain.com
cheers
You don't secure a directory, you secure a web site. Therefore you will need to right click on the Default Web Site and then choose the Directory Security tab. The wizard to create the CSR is on that tab.
Simon.
Simon.
ASKER
thanks simon, i followed all the steps and got the cert on the server and then followed your steps, but for some reason when the reps are out of the office and try to use outlook it just keeps saying trying to connect to microsoft exchange server and does not do anything else.
cheers
cheers
Does it work internally?
And that doesn't just mean Outlook starting and appearing to connection, you need to use the connection status screen (hold down CTRL and right click on the Outlook icon) to see if the connection is TCP/IP or HTTPS.
Simon.
And that doesn't just mean Outlook starting and appearing to connection, you need to use the connection status screen (hold down CTRL and right click on the Outlook icon) to see if the connection is TCP/IP or HTTPS.
Simon.
ASKER
hi simon i have just tried this from outside the network and it works brilliantly but from inside the network its a no go?
cheers
cheers
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
simon
what can i say you are the man
what can i say you are the man
ASKER
brilliant
http://www.amset.info/exchange/default.asp
http://www.certificatesforexchange.com/
>>>> Veera.