Solved

SBS2003 r2 Prem.  Problems after installing SSL Certificate with RWW and OWA and ....

Posted on 2009-02-17
Last Modified: 2012-05-06
Need some guidance please correcting the following.
First I have an sbs2003 R2 Premium box with isa 2004.
I pop my mail via pop3 connector using address mail.domain.com.au (although will change to smtp after resolving this, one step at a time please) and host my website externally at my isp www.domain.com.au. Further to that I have a dns entry (external) office.domain.com.au which points to my ip address (adsl router).
As such I can get rww and owa until now. I was previously using a self signed cert called publishing.domain.com.au
Furthermore I can no longer access my website or pop my mail.

So this is what we did.
1. Today (with assistance) I used isa to request a certificate and subsequently purchased a trustico ssl
2. Imported the cert via isa
3. Created a new zone in my local dns of  domain.com.au (I already have a domain.local)
4. Created a new A record in that zone office.domain.com.au and pointed it to my internal ip address

This meant that https:\\office.domain.com.au/remote and https:\\office.domain.com.au/exchange resolve now both externally and internally with a cert. BUT now I cannot access my website or exchange pop my mail as obviously these no longer resolve from my lan.
Further to this, when I rerun the ICIEW wizard it populates my isa rules with publishing.domain.com.au and subsequently I have to manually change this back to office.domain.com.au to get owa and rww working again.

Now where I think we went wrong is not using ICIEW to import the SSL in the first instance.
If I had done this would I have needed to add a new dns zone just to get office.domain.com.au to resolve. Internal resolution is not important, external is?

If I read the article http://technet.microsoft.com/en-us/library/cc949119(printer).aspx it suggests that I used isa to create the cert (which I did) and ICIEW to import. My theory was to run the ICIEW again and import the ssl cert but because I have already done this using isa without the wizard I cannot proceed.

Now I am not sure that if I place another certificate request using isa that I will lose the cert I have purchased. (I am getting over my head here) because was it not the original cert request that I cut and pasted when purchasing earlier today. Or can I just remove via isa the purchased ssl, create a new request and then import the certificate again.

Any clarification on this would be appreciated. If anyone knows the answer I know here is the place to find it.
Thanks
Philip
 
Question by:Philip
LVL 40

Accepted Solution

by:
Philip Elder earned 2000 total points
ID: 23666359
This is the proper method:

http://blog.mpecsinc.ca/2008/08/sbs-2k3-premium-configuring-ssl.html

publishing is the internal facing certificate that gets created. Please reverse everything you have done and follow the above guidance. Don't worry about the wildcard as they are the same.

Philip
0
 

Author Comment

by:Philip
ID: 23669197
Thanks for the input, at least now I know where the follow-up article is, but can I confirm: does this mean that I will be required to purchase another ssl cert?
Remembering I purchased one yesterday using my original certificate request?
Thanks
0
 
LVL 40

Expert Comment

by:Philip Elder
ID: 23670914
You use the procedure to import via the secondary IIS site (if you created the CSR there), then into the cert store on SBS for ISA, then bind to your Web listeners in ISA (Companyweb and RWW).

Philip
0

Author Comment

by:Philip
ID: 23687762
Thanks again Philip, I will try these procedures from start to finish over the weekend, scrap the original ssl cert that I purchased as this was generated via the default website and not via the "secondary" one as described in http://technet.microsoft.com/en-us/library/cc949119(printer).aspx

So hopefully I will close this post and award points then.
One last question before I do though.

In ISA when I select directory security and assign an existing certificate I have about 12 entries.
How can I clear these all out ?
Thanks
0
 
LVL 40

Expert Comment

by:Philip Elder
ID: 23688018
On the server itself you start MMC and add the certificate management snap-in. You can clean them out of the personal store.

Philip
0
 

Author Closing Comment

by:Philip
ID: 31547758
Thanks and sorry didn't close earlier.
0
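
Added illustration, not part of the original thread: a small Python model of the DNS behaviour described in the question, where hosting a full domain.com.au zone internally with only the office record stops www and mail resolving from the LAN. All addresses, the `resolve` helper and the single-host zone shown for comparison are constructed assumptions, not the poster's configuration.

```python
# Model of a DNS server that answers authoritatively for zones it hosts
# and forwards everything else. All names and addresses are constructed.

# Stand-in for the answers the ISP's public DNS would give.
PUBLIC_DNS = {
    "www.domain.com.au": "203.0.113.10",
    "mail.domain.com.au": "203.0.113.20",
    "office.domain.com.au": "198.51.100.5",  # public address of the router
}

def find_zone(name, zones):
    """Return the most specific locally hosted zone that contains name."""
    labels = name.split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in zones:
            return candidate
    return None

def resolve(name, zones):
    """Return (source, address); address None means the name does not exist."""
    name = name.lower().rstrip(".")
    zone = find_zone(name, zones)
    if zone is None:
        # Server is not authoritative for this name, so it forwards.
        return ("forwarded", PUBLIC_DNS.get(name))
    # Authoritative: only local records count, the query is never forwarded.
    return ("local:" + zone, zones[zone].get(name))

# Setup from the question: the whole public domain as an internal zone,
# holding a single A record for office.
FULL_ZONE = {
    "domain.local": {"server.domain.local": "192.168.16.2"},
    "domain.com.au": {"office.domain.com.au": "192.168.16.2"},
}

# Comparison (assumption): a zone named for the one host only, so the
# server is authoritative for that single name and nothing else.
SINGLE_HOST_ZONE = {
    "domain.local": {"server.domain.local": "192.168.16.2"},
    "office.domain.com.au": {"office.domain.com.au": "192.168.16.2"},
}

def report(zones):
    """Resolve every public name against the given internal zone set."""
    return {name: resolve(name, zones) for name in sorted(PUBLIC_DNS)}

if __name__ == "__main__":
    for label, zones in (("full zone", FULL_ZONE), ("single-host zone", SINGLE_HOST_ZONE)):
        print(label)
        for name, (source, addr) in report(zones).items():
            print(f"  {name:22} {source:28} {addr or 'no such name'}")
```

With the full zone, www and mail are answered locally as nonexistent; with the single-host zone they are forwarded and only office is overridden.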

Question has a verified solution.