Outlook anywhere

I have been trying to figure out how to set up the last section of the server configuration. I need an FQDN (fully qualified domain name) and an SSL certificate to go with it. However, I thought that I could just use the subdomain of my site, mail.website.com, but the company that provided me with the domain and hosted my website says that I can only link my SSL to my www.website.com.
Do I need to link it to my www or am I going about this the wrong way?
Do I need to own mail.website.com as opposed to having a subdomain?
Asked by: Night_Wolf87
 
Mestha commented:
Which version of Exchange is this?
If it is Exchange 2007, then I have the full process on my blog:
http://blog.sembee.co.uk/archive/2008/05/30/78.aspx

Certificates for Exchange 2007 have to be done in a certain way so that everything works correctly.

If it is Exchange 2003, then you can just follow the instructions from the certificate supplier to generate the request through IIS manager for mail.example.com - but do ensure that you have set up a DNS record for mail.example.com to point to your external IP address.

Simon.
0
 
Stephen Croft (Technical Architect) commented:
You can buy certs for any domain or subdomain. You can also buy certs that will cover any subdomain of your current domain (wildcard), though my colleagues have an ongoing argument with themselves as to whether they are worth the hassle.

Get your host to forward SUBDOMAIN.website.com to your Internet Facing IP that OWA/Outlook Anywhere is on. Make sure they do a DNS point, not a web-based pointer.

Buy your Certificate, and install it on your CAS / ISA server. Voila!

0
 
Night_Wolf87 (Author) commented:
How can I tell which is my CAS or ISA server? Also, the company that hosts my domain says that they can't put SSL on my subdomain and they don't support or host third-party SSL. How can I do this? Do I install it on my SonicWall device?
0
 
Stephen Croft (Technical Architect) commented:
The company that hosts your domain won't be catering for the subdomain.

You only want the DNS pointer for the subdomain creating.

As for CAS/ISA, that depends on how your Exchange scenario is. For example, are you single or multi-server?

It sounds to me like they want to host the subdomain at their end; this is incorrect, as you need its A record to point at your external IP.

To clarify:

subdomain.domain.com A record points to 2.2.2.2

2.2.2.2 is the External IP of your Sonicwall (?) Router

You set up a NAT (or port forward) for the required ports (80 and 443 for OWA, can't remember for RPC/HTTPS) to your CAS-role server (or ISA if you have an ISA box).

You install your 3rd party cert on your CAS/ISA box.

When users browse (for OWA) to https://subdomain.domain.com/OWA/ they are presented with a website served by your Internal server, secured with your 3rd party Certificate.

Make sense?

0
 
Night_Wolf87 (Author) commented:
So I already have the subdomain pointed at 2.2.2.2. When I go there it goes to the same site as if I went to 2.2.2.2. I am speaking with a rep from godaddy.com to buy a certificate. Now, if I understand what you're saying, I don't need the company that hosts my website to be involved in the use of this certification. Do you have a guide on how to install the cert on my CAS/ISA box?
0
 
Stephen Croft (Technical Architect) commented:
There are plenty around, and I can help you with finding them :)

Again, are you a single server Exchange deployment?

0
 
Night_Wolf87 (Author) commented:
I have 2 Exchange servers but only one is active, and it is also the one where my mailboxes are stored. I was told that I could use the Separate Exchange and Domain Controller Configuration because I only have one domain controller and it is different from my primary/active Exchange server.
0
 
Night_Wolf87 (Author) commented:
I am trying to link my SSL, but I need to do a CSR generation for it. However, I don't know how to do this. Do I add it to the list of websites in IIS? If so, the address I use is my external IP?
0
 
Night_Wolf87 (Author) commented:
So I set up a new zone for example.com, then added an A record for mail.
Now I go to IIS and use my default web page? It has all my internal IPs, or do I make a new site and add it?
0
 
Mestha commented:
You don't have to add anything to IIS.
Otherwise I don't understand what you are asking.

Simon.
0
 
Night_Wolf87 (Author) commented:
Well, I guess the best way to word this is: I am at my IIS screen. I see my computer, I click the drop-down menu and see Default website. When I go to properties I see the drop-down menu and it is assigned to use all unassigned IP addresses. The unassigned addresses are all the local addresses for that computer. I was told by godaddy.com that I needed to make sure that I generate the CSR for my external address and make sure I use the full mail.example.com. So I didn't want to add it to my default website before I was sure that is what I was supposed to do.
0
 
Mestha commented:
The IP address of the server has nothing to do with the host name that you are using. The setting in IIS does not need to be changed either.
All you need to do is ensure that the names resolve correctly to the server. If the server only has one IP address then that is fine.

If this is Exchange 2007 (as you haven't said what version) then IIS is not even involved in the certificate process.

Simon.
0
 
Night_Wolf87 (Author) commented:
OK, I was just worried that if I just assigned the SSL to default website it wouldn't target mail.example.com.
0
 
Mestha commented:
That isn't an IIS issue, that is a DNS issue. You need to ensure that DNS is pointing to the correct IP address. If the server only has one IP address then fine. If it has more than one then IIS either needs to be set to all unassigned or to the specific IP address that you have set in DNS.
However, for everything in Exchange to work correctly that really needs to be the server's main IP address, not one of the additional ones.

Simon.
0
 
Night_Wolf87 (Author) commented:
So my DNS record for mail.example.com should point to my server's Exchange primary IP and not my external device's IP?
0
 
Mestha commented:
Internally the DNS record for mail.example.com should point to Exchange.
Externally it should point to your external IP address and then that forwards to the internal IP address of your server, unless you are fortunate enough to be using public IP addresses on your LAN.

Simon.
0
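The setup the thread converges on (a certificate whose name covers the FQDN, an external A record on the external IP, an internal A record on the Exchange server) can be checked before buying anything. The following is an added example, not code from any participant; the function names and the internal address 192.168.1.10 are assumptions, and 2.2.2.2 is the thread's placeholder external IP.

```python
# Added example, not part of the original thread. All names and
# addresses below are constructed for illustration.

def name_matches(hostname, pattern):
    """Certificate name matching: '*' stands for exactly one leftmost
    label, so *.example.com covers mail.example.com but not
    example.com or a.mail.example.com."""
    host = hostname.lower().rstrip(".").split(".")
    pat = pattern.lower().rstrip(".").split(".")
    if len(host) != len(pat):
        return False
    if pat[0] == "*":
        # Reject over-broad wildcards such as *.com
        return len(pat) >= 3 and host[1:] == pat[1:]
    return host == pat


def cert_covers(hostname, cert_names):
    """True if any name on the certificate covers the hostname."""
    return any(name_matches(hostname, n) for n in cert_names)


def check_deployment(hostname, cert_names, external_a, internal_a,
                     external_ip, exchange_ip):
    """Return a list of problems; an empty list means the plan is consistent."""
    problems = []
    if not cert_covers(hostname, cert_names):
        problems.append(f"certificate {cert_names} does not cover {hostname}")
    if external_a != external_ip:
        problems.append(f"external A record {external_a} is not the external IP {external_ip}")
    if internal_a != exchange_ip:
        problems.append(f"internal A record {internal_a} is not the Exchange server {exchange_ip}")
    return problems


if __name__ == "__main__":
    # A www-only certificate, with internal DNS also pointing at the external IP
    for p in check_deployment("mail.example.com", ["www.example.com"],
                              "2.2.2.2", "2.2.2.2", "2.2.2.2", "192.168.1.10"):
        print("PROBLEM:", p)
    # A wildcard certificate with split DNS as described in the last answer
    print(check_deployment("mail.example.com", ["*.example.com"],
                           "2.2.2.2", "192.168.1.10", "2.2.2.2", "192.168.1.10"))
```
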
Question has a verified solution.