  • Status: Solved
  • Priority: Medium
  • Security: Public

OWA SSL not working outside of LAN

We're trying to do the whole RPC over HTTPS deal and the HTTPS OWA client works inside the LAN, but outside we get a warning of a certificate error (in IE 7) and then a page cannot be displayed. We have a Sonicwall 2040 Firewall, Exchange 2003 SP2, SBS 2003 and IIS 6.0. I believe I have the port completely wide open on the Sonicwall.

We have our main DC/AD server and then 4 other servers including our Exchange Server (of which we have just 1).

Please help!
0
pstiffsae
Asked:
1 Solution
 
LegendZM, Principal Security Architect, Commented:
Are you using a self-signed certificate, or have you purchased one from an authorized authority (such as GoDaddy)?
0
 
pstiffsae (Author) Commented:
Yes, have a free one from FreeSSL for the next month.
0
 
LegendZM, Principal Security Architect, Commented:
That would be why you're getting a certificate error, unless you install the certificate on each user's computer, because it's not from a signed authority. You can purchase one from GoDaddy for ~$30/yr and be done with the error message :)
0
 
pstiffsae (Author) Commented:
Wait, for real, it's THAT easy?
0
 
pstiffsae (Author) Commented:
Can you explain a bit further?
0
 
LegendZM, Principal Security Architect, Commented:
Sure,

The certificate error (if you can provide a screenshot and use the attach file function, that would be great) is because the certificate you're using is not from a trusted certificate authority. There are plenty of them out there: Verisign, Thawte, GoDaddy (one of the cheapest ones but still trusted), and they will eliminate the certificate error because they're in the trusted list within web browsers, phones, etc.

Now on the firewall, make sure ports 443 and 80 are port forwarded to the server hosting Exchange/IIS (they go hand in hand). Also make sure forms based authentication is on/configured:
http://www.petri.co.il/configuring_forms_based_authentication_in_exchange_2003.htm
0
 
pstiffsae (Author) Commented:
Yeah, but when you continue on to the site, I get a page cannot be displayed error and no warning of the certificate error on IE 6. I can access the HTTPS site while in the office; at home, I cannot. I get a page cannot be displayed.
0
 
pstiffsae (Author) Commented:
No, you were right on. I need to get a trusted cert and I didn't have the port forwarded to the Exchange server properly on the firewall.
0
 
pstiffsae (Author) Commented:
You literally saved me from another night of pulling my hair out. Thank you!
0
 
LegendZM, Principal Security Architect, Commented:
OK, let's go back a step.

You have: Exchange 2003 SP2, SBS 2003 and IIS 6.0.

Is the Exchange 2003 SP2 on the SBS or is SBS separate? Likewise, is IIS6 a server in itself? Or do you have all of this encompassed under the SBS server? Let's assume it's all encompassed.

You need more than having all the ports 'open' on the firewall; you need to forward incoming requests on ports 80 and 443 to the internal IP 192.168.x.x (or another internal IP) of the SBS 2003 server.
0
 
LegendZM, Principal Security Architect, Commented:
Glad I could help. :)
0
Question has a verified solution.
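
A way to tell the thread's two faults apart from a machine outside the LAN, as an added example that is not part of the original thread: a failed TCP connect points at the port 443 forward on the firewall, while a verification error points at the certificate. The function names and result labels are assumptions made for this example.

```python
import socket
import ssl

# OpenSSL X509 verify codes mapped to the certificate faults worth separating.
VERIFY_CODES = {
    10: "cert-expired",         # X509_V_ERR_CERT_HAS_EXPIRED
    18: "cert-untrusted",       # self-signed leaf certificate
    19: "cert-untrusted",       # self-signed certificate in the chain
    20: "cert-untrusted",       # issuer not in the local trust store
    62: "cert-name-mismatch",   # certificate does not cover the host name
}

def classify(exc):
    """Turn the exception from one outside-in probe into a fault label."""
    # Order matters: SSLCertVerificationError < SSLError < OSError.
    if isinstance(exc, ssl.SSLCertVerificationError):
        # verify_code is filled in by OpenSSL; default to "untrusted" if absent.
        return VERIFY_CODES.get(getattr(exc, "verify_code", None), "cert-untrusted")
    if isinstance(exc, ssl.SSLError):
        return "tls-handshake-failed"
    if isinstance(exc, socket.gaierror):
        return "dns-failure"
    if isinstance(exc, OSError):
        # Refused, timed out or unroutable: check the firewall's 443 forward.
        return "port-unreachable"
    raise exc

def probe(host, port=443, timeout=5.0):
    """Connect the way a browser would: system trust store, host name checked."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host):
                return "ok"
    except OSError as exc:
        return classify(exc)

if __name__ == "__main__":
    import sys
    # Run from outside the LAN, passing the public OWA host name(s) as arguments.
    for name in sys.argv[1:]:
        print(name, probe(name))
```

Running it once inside the office and once from an outside connection shows whether the two vantage points fail differently.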
