Link to home
Create AccountLog in
Avatar of ChrisCranie
ChrisCranie

asked on

SSL Config question for OWA on exchange 2003

Hi,
In the final steps of migration to 2003 from 2000, and I'm working on public folders. Since enabling SSL with a certificate, we've had the following error when connecting to public folders; http://support.microsoft.com/?id=324345

From my research, the error was caused by a certificate naming issue; we use http://mail.domain.org.uk/exchange externally, which I issued the certificate for, whereas ESM connects via http://servername/exchange and therefore causes the error.

I've resolved the error by doing the following, but would appreciate some expert advice on whether it's now secure or not.

Steps taken;
Removed certificate
Removed SSL requirement on all default websites
Confirmed that OWA and Public Folder connection from ESM were working
Re-created and installed certificate ONLY for the following root folders in IIS;
- Exchange
- ExchWeb
- Public

Is this ok?
Many thanks for your time.
Chris.
SOLUTION
Avatar of MichaelVH
MichaelVH
Flag of Belgium image

Link to home
membership
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
ASKER CERTIFIED SOLUTION
Link to home
membership
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
Avatar of ChrisCranie
ChrisCranie

ASKER

I've taken your advice Sembee and tried to re-enable to get both SSL on default website working and ESM able to connect to view public folders.

After ticking "Require SSL" and "128-bit encryption" I receive the message  "the following child nodes also define the value of the "UNCPassword" property which overrides the value you have just set. Please select from the list below those nodes which should use the new value"

I clicked OK without selecting, and then was asked again referring to the "AccessSSLFlags" property. I clicked OK again without selecting.

It now works - I'm able to connect and only ExAdmin seems to be de-selected and not using SSL. Should I have selected the above items though?
Regards,
Chris.
SOLUTION
Link to home
membership
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
Thanks for all the input. Now up and running.