  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 457

SBS 2003 IIS Settings

I have an SBS 2003 machine that I think I have IIS set up incorrectly on.

Here's my info:

Domain:
domain-one.local

Websites:
domain-one.com
domain-two.com

OWA Mail Sites (both go to the same place, just use two names):
mail.domain-one.com
mail.domain-two.com

Both website domains receive e-mail and have websites on the server. I also use RPC over HTTP.
A self-generated SSL certificate was created in the name of mail.domain-two.com, but I receive security warnings from clients stating the "CA Root Cert is Not Trusted" when accessing OWA from either site.
Also, my Exchange OWA IIS site is set with no host header values, so I believe that any host header that is not defined by another site is automatically sent to OWA.

What do I need to do to get my configuration correct? I would like the SSL to work correctly. I read something about installing Certificate Services and creating a Root CA? I also have looked into purchasing a 3rd party SSL cert. Since I have two domain sites running on the same server, how do I set up the SSL correctly?

Finally, if my Exchange OWA SSL port is 443, does that mean any other sites I want to use SSL on have to use a different port?

Thanks
0
bezell2
Asked:
2 Solutions
 
plug1 Commented:
The problem you have is the self cert certificate mate. You need to purchase one or you will never get rid of these errors because no browser will trust your server by default. Buy one from godaddy.com, it doesn't cost much.
0
 
bezell2 (Author) Commented:
Since I use two domains to get to the OWA site, do I need to purchase a multiple domain cert?

0
 
plug1 Commented:
Spot on mate. That's exactly what you need, always best getting a multi anyway so you can list your internal domains as well.
0
 
bezell2 (Author) Commented:
Great, this fixes the first part of my problem. Now, if I want to secure another IIS site with SSL, how do I do it, as SSL port 443 is being used by the Exchange OWA site?
0
 
plug1 Commented:
You can host another site on the same IIS server, you just need to configure it correctly. 443 will still point to the same server and IIS will serve up the correct site depending on the URL the client is looking for. Remember to put this domain into your certificate when you buy it to save hassle re-keying it in the future.
0
 
bezell2 (Author) Commented:
If I put the SSL port 443 on a different site I just get redirected to OWA.
0
 
Mestha Commented:
A multiple domain certificate isn't going to be much help here. The certificate will only have one common name on the certificate which is seen by the users. The SAN/UC certificates are really designed for Exchange 2007, where other names are used by clients.

RPC over HTTPS on Exchange 2003 has issues with those certificates unless you take care with its configuration.

Using two URLs for OWA is simply vanity. I would just have one certificate with one domain and get all users to access using the same URL. Same for RPC over HTTPS etc access.

You can only have one site on 443 per IP address. If you want to run additional sites on SSL without using other ports then you will need additional IP addresses.

-M
0
 
plug1 Commented:
I stand corrected.. ^^ Thanks Mestha.
0
 
bezell2 (Author) Commented:
Thank you. I do have two IP addresses (2 WANs). How do I go about setting up a second SSL site with my second IP? What are my options for using other ports?

Thanks
0
 
Mestha Commented:
You will need a second internal IP address on the NIC, then do a one to one NAT on your firewall.
Once that is done then you can add a second site to IIS and adjust the bindings of the sites as appropriate.

However that isn't going to give you two sets of OWA etc. Trying to get OWA to work outside of the default site isn't easy and with SBS I would say it was practically impossible due to the way the wizards work.

-M
0
 
bezell2 (Author) Commented:
I see. One further question... my default site is currently set with no host header values (blank, so everything that isn't assigned somewhere else is routed to it). Is that the way it should be, or should I have my specific host headers in there (i.e. mail.domain-1.com, mail.domain-2.com, etc.)?

0
 
Mestha Commented:
You can't use host headers with SSL. They only work with port 80 traffic and are used for sharing the IP address - companyweb is the good example.
If you set a host header then you can stop it working from inside. If the host header was set to "server" for example, then "host.example.com" and "server.example.local" wouldn't work because there is more than one web server on the IP address and IIS doesn't know where to send the traffic.

I think the simple answer is that you only use a host header if you are going to specify EVERY URL that will be used to access the server, or none at all.

-M
0
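
The binding behaviour described in the answers above, as an added example that is not part of the original thread: a simplified Python model (not IIS code) of which site answers a request on plain HTTP versus SSL. The IP addresses, the `Binding` type and `pick_site` are hypothetical, and the model assumes the first site bound to an SSL IP:port answers for it.

```python
# Simplified model of site selection (an assumption for illustration, not IIS code).
from typing import NamedTuple, Optional

class Binding(NamedTuple):
    site: str
    ip: str
    port: int
    host: str = ""      # host header; "" means none is set
    ssl: bool = False

def pick_site(bindings, dst_ip, port, host_header) -> Optional[str]:
    """Return the site that answers a request arriving on dst_ip:port."""
    on_socket = [b for b in bindings if b.ip == dst_ip and b.port == port]
    if not on_socket:
        return None
    if on_socket[0].ssl:
        # The certificate is sent during the TLS handshake, before the
        # encrypted Host header can be read, so only IP:port picks the site.
        # Modelling assumption: the first site bound to the socket answers.
        return on_socket[0].site
    for b in on_socket:                      # plain HTTP: exact host header
        if b.host and b.host.lower() == host_header.lower():
            return b.site
    for b in on_socket:                      # then a blank host header
        if not b.host:
            return b.site
    return None                              # no site claims this name

OWA_IP, SECOND_IP = "10.0.0.10", "10.0.0.11"   # constructed internal addresses
BINDINGS = [                                    # constructed from the thread's names
    Binding("OWA", OWA_IP, 80),                 # blank host header: catch-all
    Binding("domain-one.com", OWA_IP, 80, "domain-one.com"),
    Binding("domain-two.com", OWA_IP, 80, "domain-two.com"),
    Binding("OWA", OWA_IP, 443, ssl=True),
    Binding("domain-one.com", OWA_IP, 443, "domain-one.com", ssl=True),
    Binding("domain-two.com", SECOND_IP, 443, ssl=True),   # its own IP address
]

if __name__ == "__main__":
    for ip, port, host in [(OWA_IP, 80, "domain-one.com"),
                           (OWA_IP, 443, "domain-one.com"),
                           (SECOND_IP, 443, "domain-two.com")]:
        print(f"{host} on {ip}:{port} -> {pick_site(BINDINGS, ip, port, host)}")
```

The second SSL site on the shared address resolves to OWA, matching what the asker saw, while the site on its own IP address is served correctly.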
 
plug1 Commented:
I'm glad you posted in here Mestha, you've certainly cleared things up in my head. Cheers
0
