Solved

After installing a CA and certificate, SSL OWA still has IE balking at an invalid certificate

Posted on 2008-10-19
Last Modified: 2013-11-05
I have installed Exchange 2003 and, on the same server, set up IIS (of course) and a Certificate Authority server. I have created a certificate (msexchange.org/tutorials/SSL_Enabling_OWA_2003.html) and followed that article to a 'T'.

However, with IE 7 I still get the "There is a problem with this website's security certificate" message.
Clicking on the continue link still gets me to where I have to be, but the session is still not encrypted (as evident by the missing yellow lock on the bottom of the IE window). And I just don't want that screen to come up; I want to go right to the logon screen. Both my internal and external users point to the same URL for OWA - https://mail.domain.org/exchange - so my certificate was created using the name domain.org
Question by:mcannet
4 Comments
 

Expert Comment

by:mbodewes
ID: 22752395
Just an idea, but certificates in IE generally require the use of the full server name, including the "mail" part of the name. Note that there are also sites that end with .co.uk, so just requiring the last two parts of the domain name would not be sufficient. Are you sure you don't have any encryption? Normally a socket will only accept or disallow SSL, and after accepting a certificate for an un-authenticated session, you would still have encryption left (this may depend on the SSL protocol used though).

Author Comment

by:mcannet
ID: 22752407
My mistake... I did have mail.domain.org in my certificate - created it with Windows 2003 CA. I'm not 100% sure I DON'T have encryption, but either way, I still would like to get rid of the IE message before the logon screen.

Do I have to publish my domain/CA with a public entity??

Accepted Solution

by:
mbodewes earned 125 total points
ID: 22752457
Actually, the web site you are following ends with the pop-up screen. You will have to import the root CA certificate you created into the different browsers' certificate stores for it not to pop up. You cannot publish your domain/CA with a public entity; what you can do is create a certificate request and send that to a trusted third party (e.g. Verizon). You can have a look at the root certificates currently stored in Internet Explorer. You will either have to get your root certificate into that list by importing it per browser (or a domain to distribute it) or use one of the services that already have their root certificate in that list.
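
The two separate causes raised in this thread (a certificate that lacks the full server name, and a private root CA the client does not trust) can be reproduced offline with OpenSSL. This is an added example, not part of the original thread: a throwaway CA stands in for the Windows 2003 CA, and the file names and the `check`/`report` helpers are assumptions.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): a throwaway private CA stands in for the
# Windows 2003 CA. All keys, certificates and file names are constructed here.
set -u
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

make_ca() {  # self-signed root, unknown to every client until it is imported
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo Private Root CA" \
    -keyout "$WORK/ca.key" -out "$WORK/ca.pem" 2>/dev/null
}

issue_cert() {  # $1 = DNS name in the certificate, $2 = output basename
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$1" \
    -keyout "$WORK/$2.key" -out "$WORK/$2.csr" 2>/dev/null
  printf 'subjectAltName=DNS:%s\n' "$1" > "$WORK/$2.ext"
  openssl x509 -req -in "$WORK/$2.csr" -CA "$WORK/ca.pem" -CAkey "$WORK/ca.key" \
    -CAcreateserial -days 1 -extfile "$WORK/$2.ext" -out "$WORK/$2.pem" 2>/dev/null
}

# Validate like a browser: the chain must end at a trusted root AND the
# certificate must name the host in the URL. Returns 0 only if both hold.
check() {  # $1 = cert basename, $2 = host from the URL, $3 = "trusted" if root imported
  if [ "${3:-}" = trusted ]; then
    openssl verify -CAfile "$WORK/ca.pem" -verify_hostname "$2" "$WORK/$1.pem" >/dev/null 2>&1
  else
    openssl verify -verify_hostname "$2" "$WORK/$1.pem" >/dev/null 2>&1
  fi
}

report() { if check "$@"; then echo "no warning: $*"; else echo "WARNING:    $*"; fi; }

make_ca
issue_cert domain.org      bare   # certificate without the "mail" label
issue_cert mail.domain.org mail   # certificate with the full server name

report mail mail.domain.org           # root not imported on the client
report bare mail.domain.org trusted   # root imported, name does not match
report mail mail.domain.org trusted   # root imported, full name matches
```

Only the last case validates. On Windows clients, the counterpart of `-CAfile` is importing the root CA certificate into the Trusted Root Certification Authorities store, per machine or distributed through the domain.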