Solved

Outlook anywhere

Posted on 2009-04-02
16
206 Views
Last Modified: 2012-05-06
I have been trying to figure out how to set up the last section of the server configuration. I need an fqdn (fully qualified domain name) and an ssl certificate to go with it. However I though that I could just use the subdomain of my site mail.website.com but the company that provided me with the domain and hosted my website says that I can only link my ssl to my www.website.com
Do I need to link it to my www or am I going about this the wrong way?
Do I need to own mail.website.com as apposed to having a sub domain?
0
Comment
Question by:Night_Wolf87
  • 8
  • 5
  • 3
16 Comments
 
LVL 11

Expert Comment

by:djxtreme
Comment Utility
You can buy Certs for any domain or subdomain. You can also buy Certs that will cover any subdomain of your current domain (Wildcard), though my colleages have an ongoing argument with themselves as to whether they are worth the hassle.

Get your host to forward SUBDOMAIN.website.com to your Internet Facing IP that OWA/Outlook Anywhere is on. Make sure they do a DNS point, not a web-based pointer.

Buy your Certificate, and install it on your CAS / ISA server. Voila!

0
 

Author Comment

by:Night_Wolf87
Comment Utility
How can I tell which is my CAS or ISA server. Also the company that hosts my domain says that they cant put ssl on my sub domain and they dont support or host third party SSL how can I do this? Do I install is on my sonicwall device?
0
 
LVL 11

Expert Comment

by:djxtreme
Comment Utility
The company that hosts your domain wont be catering for the subdomain.

You only want the DNS pointer for the subdomain creating.

As for CAS/ISA, that depends on how your Exchange scenario is. For example, are you single or multi-server?

It sounds to me like they want to host the subdomain at their end, this is incorrect as you need its A record to point at your external IP.

To Clarify;

subdomain.domain.com A record points to 2.2.2.2

2.2.2.2 is the External IP of your Sonicwall (?) Router

You setup a NAT (or port forward) for the required ports (80 and 443 for OWA, cant remember for RPC/HTTPS) to your CAS-role server (or ISA if you have a ISA box)

you install your 3rd party Cert on your CAS/ISA box.

When users browse (for OWA) to https://subdomain.domain.com/OWA/ they are presented with a website served by your Internal server, secured with your 3rd party Certificate.

Make sense?

0
 

Author Comment

by:Night_Wolf87
Comment Utility
So I already have the subdomain pointed at 2.2.2.2.When I go there it goes to the same site as if I went to 2.2.2.2. I am speaking with a rep from godaddy.com to buy a certificate, Now if I understand what your saying I dont need the company that host my website to be involved in the use of this certification. Do you have a guide on how to install the cert on my CAS/ISA box?
0
 
LVL 11

Expert Comment

by:djxtreme
Comment Utility
There are plenty around, and I can help you with finding them :)

Again, are you a single server Exchange deployment?

0
 

Author Comment

by:Night_Wolf87
Comment Utility
I have 2 exchange servers but only one is active and it is also the one where my mail boxes are stored, I was told that I could use the Separate Exchange and Domain Controller Configuration because I only have one domain controller and it is different from my primary/active exchange server
0
 

Author Comment

by:Night_Wolf87
Comment Utility
I am trying to link my ssl I but I need to do a CSR-Generation for it. However I dont know how to do this. Do I add it to the list of websites in IIS? If so the adress I use is my external ip?
0
 
LVL 65

Accepted Solution

by:
Mestha earned 500 total points
Comment Utility
Which version of Exchange is this?
If it is Exchange 2007, then I have the full process on my blog:
http://blog.sembee.co.uk/archive/2008/05/30/78.aspx

Certificates for Exchange 2007 have to be done in a certain way so that everything works correctly.

If it is Exchange 2003, then you can just follow the instructions from the certificate supplier to generate the request through IIS manager for mail.example.com - but do ensure that you have setup a DNS record for mail.example.com to point to your external IP address.

Simon.
0
How does your email signature look on mobiles?

Do your employees use mobile devices to reply to emails? With mobile becoming increasingly important to the business world, it is in your best interest to make sure that your email signature looks great across all types of devices.

 

Author Comment

by:Night_Wolf87
Comment Utility
So I set up a new zone for example.com then added an A record for mail.
 Now I go to IIS and use my default web page? it has all my internal ips, or do i make a new site and add it?
0
 
LVL 65

Expert Comment

by:Mestha
Comment Utility
You don't have to add anything to IIS.
Otherwise I don't understand what you are asking.

Simon.
0
 

Author Comment

by:Night_Wolf87
Comment Utility
Well i guess the best way to word this is I am at my IIS screen. I see my computer, I click the drop down menu and see Default website. When I got to properties I see the drop down menu and it is assigned to use all unassgined ip addresses.. The un assigned addresses are all the local addresses for that computer.  I was told by godaddy.com that I needed to make sure that I generate the csr for my external address and make sure I use the full mail.example.com. So I didnt want to add it to my default website before I was sure that is what I was suppose to do.
0
 
LVL 65

Expert Comment

by:Mestha
Comment Utility
The IP address of the server has nothing to do with the host name that you are using. The setting in IIS does not need to be changed either.
All you need to do is ensure that the names resolve correctly to the server. If the server only has one IP address then that is fine.

If this is Exchange 2007 (as you haven't said what version) then IIS is not even involved in the certificate process.

Simon.
0
 

Author Comment

by:Night_Wolf87
Comment Utility
Ok I was just worried that if I just assigned the SSL to default website it wouldnt target mail.example.com
0
 
LVL 65

Expert Comment

by:Mestha
Comment Utility
That isn't an IIS issue, that is a DNS issue. You need to ensure that DNS is pointing to the correct IP address. If the server only has one IP address then fine. If it has more than one then IIS either needs to be set to all unassigned or to the specific IP address that you have set in DNS.
However, for everything in Exchange to work correctly that really needs to be the server's main IP address, not one of the additional ones.

Simon.
0
 

Author Comment

by:Night_Wolf87
Comment Utility
So my dns record for mail.example.com should point to my servers exchange primary ip and not my external devices ip?
0
 
LVL 65

Expert Comment

by:Mestha
Comment Utility
Internally the DNS record for mail.example.com should point to Exchange.
Externally it should point to your external IP address and then that forwards to the internal IP address of your server, unless you are fortunate enough to be using public IP addresses on your LAN.

Simon.
0

Featured Post

Do email signature updates give you a headache?

Constantly trying to correctly format email signatures? Spending all of your time at every user’s desk to make updates? Want high-quality HTML signatures on all devices, including on mobiles and Macs? Then, let Exclaimer solve all your email signature problems today!

Join & Write a Comment

Not sure what the best email signature size is? Are you worried about email signature image size? Follow this best practice guide.
This article explains in simple steps how to renew expiring Exchange Server Internal Transport Certificate.
Get people started with the process of using Access VBA to control Outlook using automation, Microsoft Access can control other applications. An example is the ability to programmatically talk to Microsoft Outlook. Using automation, an Access applic…
This video discusses moving either the default database or any database to a new volume.

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

6 Experts available now in Live!

Get 1:1 Help Now