Solved

Install new Equifax Secure Global eBusiness CA-1, internal clients Exchange problems

Posted on 2009-04-14
Last Modified: 2012-05-06
I have installed a new certificate on the server so that users are able to connect to OWA without a security certificate problem.
The certificate installed OK and runs right for external access to OWA.
In IIS7, I changed the certificate (from internalSERVER.dosimetria.es to externalSERVER.dosimetria.es) in the default web site links.
The problem now is with Outlook access. When Outlook 2003 and 2007 connect to Exchange, a security window appears saying that internalSERVER.DOSIMETRIA.ES is not valid.
Do you know how to change only the link for OWA to the new externalSERVER.dosimetria.es? In IIS6 it is easy: select the properties of the OWA virtual directory. But in IIS7 I don't know how to achieve this.
Question by:imusa
 
LVL 65

Expert Comment

by:Mestha
ID: 24137601
What sort of certificate did you purchase?
Was it a SAN/UC certificate, or a regular certificate?
If it was a regular certificate then you have to make lots of changes. Furthermore the certificate needs to be requested and installed through Exchange, not through OWA.

http://blog.sembee.co.uk/archive/2008/05/30/78.aspx

Simon.
0
 

Author Comment

by:imusa
ID: 24150186
OK.
I followed the steps in several articles and now the certificate is running right.
From external and internal, OWA runs right.
The clients with IMAP can also connect with IMAPSSL.

The problem now is the Outlook 2003/2007 internal clients. When Outlook opens, the Security Alert appears saying SERS.dosimetria.es is not the same as the certificate (correo.dosimetria.es). (I add a JPG with the error.)

I add the output of get-exchangecertificate and get-WebServicesVirtualDirectory.

Thanks for the help



[PS] C:\Windows\System32>get-exchangecertificate

Thumbprint                                Services   Subject
----------                                --------   -------
86A40FF554C08ED62AF2FDE40C4388A4639A57FE  IP.WS      CN=correo.dosimetria.es...
B8E3F7072FDCEC822C896F0FD9492E7C20068DE8  ....S      CN=SERS
6E7D2C0E2A046628549B94EFA2087890598ABA91  ....S      CN=SERS.DOSIMETRIA.ES
0CFF3929EAA24B2DFF0030C7FB4F232D9AC1BF9F  ...WS      CN=Sites
B5A7885647912734D64FB4B2F4DD8321E0D81D01  .....      CN=DOSIMETRIA-SERS-CA
BD7AE1D4DA2ACBA99215ADCFE337DE92073393E6  .....      CN=WMSvc-WIN-B7UQFQR8CLQ

[PS] C:\Windows\System32>get-WebServicesVirtualDirectory |format-list

InternalNLBBypassUrl          : https://correo.dosimetria.es/EWS/Exchange.asmx
Name                          : EWS (Default Web Site)
InternalAuthenticationMethods : {Ntlm, WindowsIntegrated}
ExternalAuthenticationMethods : {Ntlm, WindowsIntegrated}
BasicAuthentication           : False
DigestAuthentication          : False
WindowsAuthentication         : True
MetabasePath                  : IIS://SERS.DOSIMETRIA.ES/W3SVC/1/ROOT/EWS
Path                          : C:\Program Files\Microsoft\Exchange Server\Clie
                                ntAccess\exchweb\EWS
Server                        : SERS
InternalUrl                   : https://correo.dosimetria.es/EWS/Exchange.asmx
ExternalUrl                   : https://correo.dosimetria.es/EWS/Exchange.asmx
AdminDisplayName              :
ExchangeVersion               : 0.1 (8.0.535.0)
DistinguishedName             : CN=EWS (Default Web Site),CN=HTTP,CN=Protocols,
                                CN=SERS,CN=Servers,CN=Exchange Administrative G
                                roup (FYDIBOHF23SPDLT),CN=Administrative Groups
                                ,CN=Primera organización,CN=Microsoft Exchange,
                                CN=Services,CN=Configuration,DC=DOSIMETRIA,DC=E
                                S
Identity                      : SERS\EWS (Default Web Site)
Guid                          : b1425dd2-4fa5-4616-a7d4-31c23842fe01
ObjectCategory                : DOSIMETRIA.ES/Configuration/Schema/ms-Exch-Web-
                                Services-Virtual-Directory
ObjectClass                   : {top, msExchVirtualDirectory, msExchWebServices
                                VirtualDirectory}
WhenChanged                   : 15/04/2009 18:25:56
WhenCreated                   : 31/03/2009 11:56:36
OriginatingServer             : SERS.DOSIMETRIA.ES
IsValid                       : True

[PS] C:\Windows\System32>


Captura01.JPG
0
 

Author Comment

by:imusa
ID: 24150444

I am posting the complete get-exchangecertificate output.


Is it possible that my third-party SSL certificate doesn't support SAN?

Thanks

AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                     .Security.AccessControl.CryptoKeyAccessRule, System.Securi
                     ty.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {correo.dosimetria.es}
HasPrivateKey      : True
IsSelfSigned       : False
Issuer             : CN=Equifax Secure Global eBusiness CA-1, O=Equifax Secure
                     Inc., C=US
NotAfter           : 14/04/2010 13:22:00
NotBefore          : 15/04/2009 13:22:00
PublicKeySize      : 1024
RootCAType         : ThirdParty
SerialNumber       : 0B50E2
Services           : IMAP, POP, IIS, SMTP
Status             : Valid
Subject            : CN=correo.dosimetria.es, OU=Domain Control Validated - Rap
                     idSSL(R), OU=See www.rapidssl.com/resources/cps (c)09, OU=
                     GT61655898, O=correo.dosimetria.es, C=ES
Thumbprint         : 86A40FF554C08ED62AF2FDE40C4388A4639A57FE

AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                     .Security.AccessControl.CryptoKeyAccessRule, System.Securi
                     ty.AccessControl.CryptoKeyAccessRule, System.Security.Acce
                     ssControl.CryptoKeyAccessRule}
CertificateDomains : {SERS, SERS.DOSIMETRIA.ES}
HasPrivateKey      : True
IsSelfSigned       : True
Issuer             : CN=SERS
NotAfter           : 31/03/2010 11:53:18
NotBefore          : 31/03/2009 11:53:18
PublicKeySize      : 2048
RootCAType         : None
SerialNumber       : 7DD7117B244428B742CECAAD1239EBAE
Services           : SMTP
Status             : Valid
Subject            : CN=SERS
Thumbprint         : B8E3F7072FDCEC822C896F0FD9492E7C20068DE8

AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                     .Security.AccessControl.CryptoKeyAccessRule, System.Securi
                     ty.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {SERS.DOSIMETRIA.ES}
HasPrivateKey      : True
IsSelfSigned       : False
Issuer             : CN=DOSIMETRIA-SERS-CA
NotAfter           : 24/03/2010 10:58:55
NotBefore          : 24/03/2009 10:58:55
PublicKeySize      : 1024
RootCAType         : Registry
SerialNumber       : 61225C33000000000003
Services           : SMTP
Status             : Valid
Subject            : CN=SERS.DOSIMETRIA.ES
Thumbprint         : 6E7D2C0E2A046628549B94EFA2087890598ABA91

AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                     .Security.AccessControl.CryptoKeyAccessRule, System.Securi
                     ty.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {Sites, SERS.DOSIMETRIA.ES}
HasPrivateKey      : True
IsSelfSigned       : False
Issuer             : CN=DOSIMETRIA-SERS-CA
NotAfter           : 24/03/2011 10:56:07
NotBefore          : 24/03/2009 10:56:07
PublicKeySize      : 2048
RootCAType         : Registry
SerialNumber       : 611FCAEC000000000002
Services           : IIS, SMTP
Status             : Valid
Subject            : CN=Sites
Thumbprint         : 0CFF3929EAA24B2DFF0030C7FB4F232D9AC1BF9F

AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                     .Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {DOSIMETRIA-SERS-CA}
HasPrivateKey      : True
IsSelfSigned       : True
Issuer             : CN=DOSIMETRIA-SERS-CA
NotAfter           : 24/03/2014 11:05:15
NotBefore          : 24/03/2009 10:55:16
PublicKeySize      : 2048
RootCAType         : Registry
SerialNumber       : 390E8497AD6263BE42F728409872D40F
Services           : None
Status             : Valid
Subject            : CN=DOSIMETRIA-SERS-CA
Thumbprint         : B5A7885647912734D64FB4B2F4DD8321E0D81D01

AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                     .Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {WMSvc-WIN-B7UQFQR8CLQ}
HasPrivateKey      : True
IsSelfSigned       : True
Issuer             : CN=WMSvc-WIN-B7UQFQR8CLQ
NotAfter           : 22/03/2019 9:27:16
NotBefore          : 24/03/2009 9:27:16
PublicKeySize      : 2048
RootCAType         : Registry
SerialNumber       : CD406247F302D58A4846BF016BED584D
Services           : None
Status             : Valid
Subject            : CN=WMSvc-WIN-B7UQFQR8CLQ
Thumbprint         : BD7AE1D4DA2ACBA99215ADCFE337DE92073393E6

[PS] C:\Windows\System32>


0
 
LVL 65

Expert Comment

by:Mestha
ID: 24150730
If it is a RapidSSL certificate then it is not a SAN/UC certificate.
You can use a single name SSL certificate, but your external DNS provider must support SRV records.

Simon.
0
 

Author Comment

by:imusa
ID: 24150950
Thanks Simon,
In case my DNS provider (Telefonica) supports SRV records, how do I configure it?

On the other hand, do you know any SSL provider with support for SAN?

iv
0
 

Author Comment

by:imusa
ID: 24151512
I read

http://www.amset.info/exchange/singlenamessl.asp

I think it is better to invest some euros in acquiring a UCC certificate.

I have seen this:
https://domainsforexchange.net/
Standard Multiple Domain (UCC) SSL Up to 5 Domains - 1 year - €67.62

Do you know if it is supported for Exchange 2007?

Thanks
0
 
LVL 65

Accepted Solution

by:
Mestha earned 250 total points
ID: 24156632
Those certificates are fine for Exchange 2007. They are from GoDaddy and I use them on all of my deployments including my home system.
The blog posting in my first post in this question will go through the full process involved.

Simon.
0
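
The name mismatch discussed in this thread (the Outlook alert names SERS.dosimetria.es, while the certificate enabled for IIS lists only correo.dosimetria.es) can be checked by comparing the host in each service URL with the certificate's CertificateDomains. This is an added example, not part of any post above; the function name Test-NameCoveredByCertificate and the AutoDiscover URI in the sample data are assumptions made for illustration.

```powershell
# Added example. Sample data is constructed, except where marked "as posted".
function Test-NameCoveredByCertificate {
    param([string]$HostName, [string[]]$CertificateDomains)
    foreach ($domain in $CertificateDomains) {
        # -eq on strings is case-insensitive, which is what host names need.
        if ($domain -eq $HostName) { return $true }
        if ($domain.StartsWith('*.')) {
            # A wildcard entry stands for exactly one left-most label.
            $dot = $HostName.IndexOf('.')
            if ($dot -gt 0 -and $HostName.Substring($dot) -eq $domain.Substring(1)) {
                return $true
            }
        }
    }
    return $false
}

# CertificateDomains of the certificate enabled for IIS (as posted).
$certDomains = @('correo.dosimetria.es')

# URLs handed to Outlook clients. The EWS value is as posted; the AutoDiscover
# value is a constructed sample showing what a mismatch looks like.
$serviceUrls = @(
    @('EWS InternalUrl', 'https://correo.dosimetria.es/EWS/Exchange.asmx'),
    @('AutoDiscoverServiceInternalUri', 'https://SERS.DOSIMETRIA.ES/Autodiscover/Autodiscover.xml')
)

foreach ($entry in $serviceUrls) {
    $hostName = ([System.Uri]$entry[1]).Host
    $verdict = 'MISMATCH'
    if (Test-NameCoveredByCertificate $hostName $certDomains) { $verdict = 'OK' }
    '{0,-32} {1,-22} {2}' -f $entry[0], $hostName, $verdict
}

# On the Exchange server the same inputs can be read from the shell:
#   Get-ExchangeCertificate | Where-Object { $_.Services -match 'IIS' } |
#       ForEach-Object { $_.CertificateDomains } | ForEach-Object { "$_" }
#   Get-WebServicesVirtualDirectory | ForEach-Object { $_.InternalUrl }
#   Get-ClientAccessServer | ForEach-Object { $_.AutoDiscoverServiceInternalUri }
```

Any URL reported as MISMATCH points clients at a name the IIS certificate does not list, which is the condition that produces the security alert.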
