IIS, Exchange 2007 and the UCC (SAN) Cert

Hey guys,

Having a problem here and I'm not quite sure how to go about it, or if I can at all.

So here's what's going on. I have Exchange 2007 running on Server 2008. Everything is running fine. This is the only server with Exchange, and the only OWA server also.

Here's what I've done.

I've installed a UCC certificate with the following CN: webmail.domain.com

It has the following SA names: servername.domain.local; autodiscover.domain.com

I have an HTTP redirect in IIS7 running on the default webpage to point servername.domain.local at servername.domain.local/owa

The cert works fine for MAPI, POP, IMAP and IIS.

However, here's the problem:

IIS works fine from the outside when I type https://webmail.domain.com - no certificate warnings.

But from the inside when I type "servername.domain.local" I'm still getting a certificate warning. I'm assuming that this is because I'm redirecting to /owa, but when I try and rekey my UCC cert, it will not allow me to have an SA name with /owa on it.

Any ideas on what I can do to resolve this issue?

Many thanks,
Mark
Asked by: IncubusJax

Mestha Commented:
Certificates do not have / anything in them. They protect a host name only, not directories.
Therefore the fact that you are redirecting to /owa should not cause any problems.

How did you do the redirect? If you enter the full URL in manually, not through a redirect, does it work correctly then?

-M

IncubusJax (Author) Commented:
Interesting.

If I type "https://servername.domain.local" then it works great.

But if I type "http://servername.domain.local" then I get the certificate error.

Here's how I have redirection set up:

Under "Default Website" in IIS7 I have enabled "redirect requests to this destination": "/owa" under the HTTP Redirect icon.

I also have a 403 redirect enabled to "https://servername/owa", which now that I think about it, may be the problem. I'm going to change that and test.

Heh, that was the problem. Dang. See, I just needed you to help me logic it through. ;)

Thank You!

Mark
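
The thread's resolution as an added example (not code from either poster): a Python check that compares the host of every HTTPS hop in a redirect chain against the names on the certificate, ignoring the path. The certificate names and the `https://servername/owa` target are taken from the posts; the function names and the two chains are constructed for illustration, and it is an assumption that the warning came from the short host name `servername` in the 403 redirect target.

```python
from urllib.parse import urlsplit

# CN and SAN entries as listed in the question.
CERT_NAMES = ["webmail.domain.com", "servername.domain.local", "autodiscover.domain.com"]

def name_matches(pattern, host):
    """Compare one certificate name with a host name, RFC 6125 style:
    case-insensitive, '*' accepted only as the entire left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*" and len(p) > 2:   # refuse bare "*.tld" wildcards
        return p[1:] == h[1:]
    return p == h

def host_covered(url, cert_names=CERT_NAMES):
    """True if the URL's host is on the certificate. The path (/owa) is never consulted."""
    host = urlsplit(url).hostname or ""
    return any(name_matches(n, host) for n in cert_names)

def audit_redirect_chain(chain, cert_names=CERT_NAMES):
    """Given the typed URL followed by each redirect target, return the
    HTTPS hops whose host name is not covered by the certificate."""
    return [u for u in chain
            if urlsplit(u).scheme == "https" and not host_covered(u, cert_names)]

if __name__ == "__main__":
    # Constructed chains modelled on the two cases described in the thread.
    typed_https = ["https://servername.domain.local/",
                   "https://servername.domain.local/owa"]
    typed_http = ["http://servername.domain.local/",
                  "https://servername/owa"]   # 403 redirect target from the post
    for chain in (typed_https, typed_http):
        bad = audit_redirect_chain(chain)
        print(chain[0], "->", "name mismatch at " + ", ".join(bad) if bad else "ok")
```

Running the same audit against the redirect targets configured in IIS before rekeying a certificate shows whether the warning is a missing SAN entry or a redirect that points at a name the certificate was never meant to cover.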