We help IT Professionals succeed at work.

Outlook anywhere

277 Views
Last Modified: 2012-05-06
I have been trying to figure out how to set up the last section of the server configuration. I need an fqdn (fully qualified domain name) and an ssl certificate to go with it. However I though that I could just use the subdomain of my site mail.website.com but the company that provided me with the domain and hosted my website says that I can only link my ssl to my www.website.com
Do I need to link it to my www or am I going about this the wrong way?
Do I need to own mail.website.com as apposed to having a sub domain?
Comment
Watch Question

Stephen CroftTechnical Architect
CERTIFIED EXPERT

Commented:
You can buy Certs for any domain or subdomain. You can also buy Certs that will cover any subdomain of your current domain (Wildcard), though my colleages have an ongoing argument with themselves as to whether they are worth the hassle.

Get your host to forward SUBDOMAIN.website.com to your Internet Facing IP that OWA/Outlook Anywhere is on. Make sure they do a DNS point, not a web-based pointer.

Buy your Certificate, and install it on your CAS / ISA server. Voila!

Author

Commented:
How can I tell which is my CAS or ISA server. Also the company that hosts my domain says that they cant put ssl on my sub domain and they dont support or host third party SSL how can I do this? Do I install is on my sonicwall device?
Stephen CroftTechnical Architect
CERTIFIED EXPERT

Commented:
The company that hosts your domain wont be catering for the subdomain.

You only want the DNS pointer for the subdomain creating.

As for CAS/ISA, that depends on how your Exchange scenario is. For example, are you single or multi-server?

It sounds to me like they want to host the subdomain at their end, this is incorrect as you need its A record to point at your external IP.

To Clarify;

subdomain.domain.com A record points to 2.2.2.2

2.2.2.2 is the External IP of your Sonicwall (?) Router

You setup a NAT (or port forward) for the required ports (80 and 443 for OWA, cant remember for RPC/HTTPS) to your CAS-role server (or ISA if you have a ISA box)

you install your 3rd party Cert on your CAS/ISA box.

When users browse (for OWA) to https://subdomain.domain.com/OWA/ they are presented with a website served by your Internal server, secured with your 3rd party Certificate.

Make sense?

Author

Commented:
So I already have the subdomain pointed at 2.2.2.2.When I go there it goes to the same site as if I went to 2.2.2.2. I am speaking with a rep from godaddy.com to buy a certificate, Now if I understand what your saying I dont need the company that host my website to be involved in the use of this certification. Do you have a guide on how to install the cert on my CAS/ISA box?
Stephen CroftTechnical Architect
CERTIFIED EXPERT

Commented:
There are plenty around, and I can help you with finding them :)

Again, are you a single server Exchange deployment?

Author

Commented:
I have 2 exchange servers but only one is active and it is also the one where my mail boxes are stored, I was told that I could use the Separate Exchange and Domain Controller Configuration because I only have one domain controller and it is different from my primary/active exchange server

Author

Commented:
I am trying to link my ssl I but I need to do a CSR-Generation for it. However I dont know how to do this. Do I add it to the list of websites in IIS? If so the adress I use is my external ip?
Expert of the Quarter 2009
Expert of the Year 2009
Commented:
This one is on us!
(Get your first solution completely free - no credit card required)
UNLOCK SOLUTION

Author

Commented:
So I set up a new zone for example.com then added an A record for mail.
 Now I go to IIS and use my default web page? it has all my internal ips, or do i make a new site and add it?
Expert of the Quarter 2009
Expert of the Year 2009

Commented:
You don't have to add anything to IIS.
Otherwise I don't understand what you are asking.

Simon.

Author

Commented:
Well i guess the best way to word this is I am at my IIS screen. I see my computer, I click the drop down menu and see Default website. When I got to properties I see the drop down menu and it is assigned to use all unassgined ip addresses.. The un assigned addresses are all the local addresses for that computer.  I was told by godaddy.com that I needed to make sure that I generate the csr for my external address and make sure I use the full mail.example.com. So I didnt want to add it to my default website before I was sure that is what I was suppose to do.
Expert of the Quarter 2009
Expert of the Year 2009

Commented:
The IP address of the server has nothing to do with the host name that you are using. The setting in IIS does not need to be changed either.
All you need to do is ensure that the names resolve correctly to the server. If the server only has one IP address then that is fine.

If this is Exchange 2007 (as you haven't said what version) then IIS is not even involved in the certificate process.

Simon.

Author

Commented:
Ok I was just worried that if I just assigned the SSL to default website it wouldnt target mail.example.com
Expert of the Quarter 2009
Expert of the Year 2009

Commented:
That isn't an IIS issue, that is a DNS issue. You need to ensure that DNS is pointing to the correct IP address. If the server only has one IP address then fine. If it has more than one then IIS either needs to be set to all unassigned or to the specific IP address that you have set in DNS.
However, for everything in Exchange to work correctly that really needs to be the server's main IP address, not one of the additional ones.

Simon.

Author

Commented:
So my dns record for mail.example.com should point to my servers exchange primary ip and not my external devices ip?
Expert of the Quarter 2009
Expert of the Year 2009

Commented:
Internally the DNS record for mail.example.com should point to Exchange.
Externally it should point to your external IP address and then that forwards to the internal IP address of your server, unless you are fortunate enough to be using public IP addresses on your LAN.

Simon.

Gain unlimited access to on-demand training courses with an Experts Exchange subscription.

Get Access
Why Experts Exchange?

Experts Exchange always has the answer, or at the least points me in the correct direction! It is like having another employee that is extremely experienced.

Jim Murphy
Programmer at Smart IT Solutions

When asked, what has been your best career decision?

Deciding to stick with EE.

Mohamed Asif
Technical Department Head

Being involved with EE helped me to grow personally and professionally.

Carl Webster
CTP, Sr Infrastructure Consultant
Empower Your Career
Did You Know?

We've partnered with two important charities to provide clean water and computer science education to those who need it most. READ MORE

Ask ANY Question

Connect with Certified Experts to gain insight and support on specific technology challenges including:

  • Troubleshooting
  • Research
  • Professional Opinions
Unlock the solution to this question.
Join our community and discover your potential

Experts Exchange is the only place where you can interact directly with leading experts in the technology field. Become a member today and access the collective knowledge of thousands of technology experts.

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.