Solved

Install new Equifax Secure Global eBusiness CA-1, internal clients Exchange problems

Posted on 2009-04-14
Last Modified: 2012-05-06
I have installed a new certificate on the server so that users can connect to OWA without security certificate problems.
The certificate installed OK and runs right for external access to OWA.
In IIS7, I changed the certificate (from internalSERVER.dosimetria.es to externalSERVER.dosimetria.es) in the Default Web Site links.
The problem now is with Outlook access. When Outlook 2003 and 2007 connect to Exchange, a security window appears saying that internalSERVER.DOSIMETRIA.ES is not valid.
Do you know how to change only the link for OWA to the new externalSERVER.dosimetria.es? In IIS6 it is easy: select the properties of the OWA virtual directory. But in IIS7 I don't know how to achieve this.
Question by:imusa
 

Expert Comment

by:Mestha
ID: 24137601
What sort of certificate did you purchase?
Was it a SAN/UC certificate, or a regular certificate?
If it was a regular certificate then you have to make lots of changes. Furthermore the certificate needs to be requested and installed through Exchange, not through OWA.

http://blog.sembee.co.uk/archive/2008/05/30/78.aspx

Simon.
0
 

Author Comment

by:imusa
ID: 24150186
OK.
I followed the steps in several articles and now the certificate is running right.
From external and internal, OWA runs right.
The clients with IMAP can also connect with IMAPSSL.

The problem now is the internal Outlook 2003/2007 clients. When Outlook opens, the Security Alert appears saying SERS.dosimetria.es is not the same as the certificate (correo.dosimetria.es). (I add a JPG with the error.)

I add the get-exchangecertificate and get-WebServicesVirtualDirectory output.

Thanks for the help



[PS] C:\Windows\System32>get-exchangecertificate

Thumbprint                                Services   Subject
----------                                --------   -------
86A40FF554C08ED62AF2FDE40C4388A4639A57FE  IP.WS      CN=correo.dosimetria.es...
B8E3F7072FDCEC822C896F0FD9492E7C20068DE8  ....S      CN=SERS
6E7D2C0E2A046628549B94EFA2087890598ABA91  ....S      CN=SERS.DOSIMETRIA.ES
0CFF3929EAA24B2DFF0030C7FB4F232D9AC1BF9F  ...WS      CN=Sites
B5A7885647912734D64FB4B2F4DD8321E0D81D01  .....      CN=DOSIMETRIA-SERS-CA
BD7AE1D4DA2ACBA99215ADCFE337DE92073393E6  .....      CN=WMSvc-WIN-B7UQFQR8CLQ

[PS] C:\Windows\System32>get-WebServicesVirtualDirectory |format-list

InternalNLBBypassUrl          : https://correo.dosimetria.es/EWS/Exchange.asmx
Name                          : EWS (Default Web Site)
InternalAuthenticationMethods : {Ntlm, WindowsIntegrated}
ExternalAuthenticationMethods : {Ntlm, WindowsIntegrated}
BasicAuthentication           : False
DigestAuthentication          : False
WindowsAuthentication         : True
MetabasePath                  : IIS://SERS.DOSIMETRIA.ES/W3SVC/1/ROOT/EWS
Path                          : C:\Program Files\Microsoft\Exchange Server\Clie
                                ntAccess\exchweb\EWS
Server                        : SERS
InternalUrl                   : https://correo.dosimetria.es/EWS/Exchange.asmx
ExternalUrl                   : https://correo.dosimetria.es/EWS/Exchange.asmx
AdminDisplayName              :
ExchangeVersion               : 0.1 (8.0.535.0)
DistinguishedName             : CN=EWS (Default Web Site),CN=HTTP,CN=Protocols,
                                CN=SERS,CN=Servers,CN=Exchange Administrative G
                                roup (FYDIBOHF23SPDLT),CN=Administrative Groups
                                ,CN=Primera organización,CN=Microsoft Exchange,
                                CN=Services,CN=Configuration,DC=DOSIMETRIA,DC=E
                                S
Identity                      : SERS\EWS (Default Web Site)
Guid                          : b1425dd2-4fa5-4616-a7d4-31c23842fe01
ObjectCategory                : DOSIMETRIA.ES/Configuration/Schema/ms-Exch-Web-
                                Services-Virtual-Directory
ObjectClass                   : {top, msExchVirtualDirectory, msExchWebServices
                                VirtualDirectory}
WhenChanged                   : 15/04/2009 18:25:56
WhenCreated                   : 31/03/2009 11:56:36
OriginatingServer             : SERS.DOSIMETRIA.ES
IsValid                       : True

[PS] C:\Windows\System32>

Captura01.JPG
0
 

Author Comment

by:imusa
ID: 24150444

I put the complete get-exchangecertificate output.

Is it possible that my third-party SSL certificate doesn't support SAN?

Thanks

AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                     .Security.AccessControl.CryptoKeyAccessRule, System.Securi
                     ty.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {correo.dosimetria.es}
HasPrivateKey      : True
IsSelfSigned       : False
Issuer             : CN=Equifax Secure Global eBusiness CA-1, O=Equifax Secure
                     Inc., C=US
NotAfter           : 14/04/2010 13:22:00
NotBefore          : 15/04/2009 13:22:00
PublicKeySize      : 1024
RootCAType         : ThirdParty
SerialNumber       : 0B50E2
Services           : IMAP, POP, IIS, SMTP
Status             : Valid
Subject            : CN=correo.dosimetria.es, OU=Domain Control Validated - Rap
                     idSSL(R), OU=See www.rapidssl.com/resources/cps (c)09, OU=
                     GT61655898, O=correo.dosimetria.es, C=ES
Thumbprint         : 86A40FF554C08ED62AF2FDE40C4388A4639A57FE

AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                     .Security.AccessControl.CryptoKeyAccessRule, System.Securi
                     ty.AccessControl.CryptoKeyAccessRule, System.Security.Acce
                     ssControl.CryptoKeyAccessRule}
CertificateDomains : {SERS, SERS.DOSIMETRIA.ES}
HasPrivateKey      : True
IsSelfSigned       : True
Issuer             : CN=SERS
NotAfter           : 31/03/2010 11:53:18
NotBefore          : 31/03/2009 11:53:18
PublicKeySize      : 2048
RootCAType         : None
SerialNumber       : 7DD7117B244428B742CECAAD1239EBAE
Services           : SMTP
Status             : Valid
Subject            : CN=SERS
Thumbprint         : B8E3F7072FDCEC822C896F0FD9492E7C20068DE8

AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                     .Security.AccessControl.CryptoKeyAccessRule, System.Securi
                     ty.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {SERS.DOSIMETRIA.ES}
HasPrivateKey      : True
IsSelfSigned       : False
Issuer             : CN=DOSIMETRIA-SERS-CA
NotAfter           : 24/03/2010 10:58:55
NotBefore          : 24/03/2009 10:58:55
PublicKeySize      : 1024
RootCAType         : Registry
SerialNumber       : 61225C33000000000003
Services           : SMTP
Status             : Valid
Subject            : CN=SERS.DOSIMETRIA.ES
Thumbprint         : 6E7D2C0E2A046628549B94EFA2087890598ABA91

AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                     .Security.AccessControl.CryptoKeyAccessRule, System.Securi
                     ty.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {Sites, SERS.DOSIMETRIA.ES}
HasPrivateKey      : True
IsSelfSigned       : False
Issuer             : CN=DOSIMETRIA-SERS-CA
NotAfter           : 24/03/2011 10:56:07
NotBefore          : 24/03/2009 10:56:07
PublicKeySize      : 2048
RootCAType         : Registry
SerialNumber       : 611FCAEC000000000002
Services           : IIS, SMTP
Status             : Valid
Subject            : CN=Sites
Thumbprint         : 0CFF3929EAA24B2DFF0030C7FB4F232D9AC1BF9F

AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                     .Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {DOSIMETRIA-SERS-CA}
HasPrivateKey      : True
IsSelfSigned       : True
Issuer             : CN=DOSIMETRIA-SERS-CA
NotAfter           : 24/03/2014 11:05:15
NotBefore          : 24/03/2009 10:55:16
PublicKeySize      : 2048
RootCAType         : Registry
SerialNumber       : 390E8497AD6263BE42F728409872D40F
Services           : None
Status             : Valid
Subject            : CN=DOSIMETRIA-SERS-CA
Thumbprint         : B5A7885647912734D64FB4B2F4DD8321E0D81D01

AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                     .Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {WMSvc-WIN-B7UQFQR8CLQ}
HasPrivateKey      : True
IsSelfSigned       : True
Issuer             : CN=WMSvc-WIN-B7UQFQR8CLQ
NotAfter           : 22/03/2019 9:27:16
NotBefore          : 24/03/2009 9:27:16
PublicKeySize      : 2048
RootCAType         : Registry
SerialNumber       : CD406247F302D58A4846BF016BED584D
Services           : None
Status             : Valid
Subject            : CN=WMSvc-WIN-B7UQFQR8CLQ
Thumbprint         : BD7AE1D4DA2ACBA99215ADCFE337DE92073393E6

[PS] C:\Windows\System32>

0

Expert Comment

by:Mestha
ID: 24150730
If it is a RapidSSL certificate then it is not a SAN/UC certificate.
You can use a single name SSL certificate, but your external DNS provider must support SRV records.

Simon.
0
 

Author Comment

by:imusa
ID: 24150950
Thanks Simon,
In case my DNS provider (Telefonica) supports SRV records, how do I configure it?

On the other hand, do you know any SSL provider with support for SAN?

iv
0
 

Author Comment

by:imusa
ID: 24151512
I read

http://www.amset.info/exchange/singlenamessl.asp

I think it is better to invest some euros in acquiring a UCC certificate.

I have seen this:
https://domainsforexchange.net/
Standard Multiple Domain (UCC) SSL Up to 5 Domains - 1 year - €67.62

Do you know if it is supported for Exchange 2007?

Thanks
0
 

Accepted Solution

by:
Mestha earned 250 total points
ID: 24156632
Those certificates are fine for Exchange 2007. They are from GoDaddy and I use them on all of my deployments including my home system.
The blog posting in my first post in this question will go through the full process involved.

Simon.
0
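
The name mismatch in this thread can be checked mechanically by comparing each host name the clients use against the CertificateDomains of the certificates enabled for IIS. The PowerShell below is an added example, not code from the posters: its input is constructed from the output pasted above, Test-CertCoversHost is a hypothetical helper, and the wildcard handling goes beyond what the thread uses.

```powershell
# Added example; input is constructed from the output pasted in this thread.
# Test-CertCoversHost is a hypothetical helper, not an Exchange cmdlet.
function Test-CertCoversHost {
    param([string[]]$CertificateDomains, [string]$HostName)
    foreach ($domain in $CertificateDomains) {
        # Certificate names compare case-insensitively.
        if ($domain -ieq $HostName) { return $true }
        # A wildcard entry (*.example.com) covers exactly one left-most label.
        if ($domain.StartsWith('*.')) {
            $firstDot = $HostName.IndexOf('.')
            if ($firstDot -gt 0 -and $HostName.Substring($firstDot) -ieq $domain.Substring(1)) {
                return $true
            }
        }
    }
    return $false
}

# The two certificates enabled for IIS, as Get-ExchangeCertificate listed them.
$certs = @(
    [pscustomobject]@{
        Subject  = 'CN=correo.dosimetria.es'
        Services = 'IMAP, POP, IIS, SMTP'
        Domains  = @('correo.dosimetria.es')
    }
    [pscustomobject]@{
        Subject  = 'CN=Sites'
        Services = 'IIS, SMTP'
        Domains  = @('Sites', 'SERS.DOSIMETRIA.ES')
    }
)

# Names the clients use: the EWS InternalUrl shown above and the name in the Outlook alert.
$names = @(
    [pscustomobject]@{ Source = 'EWS InternalUrl'
                       HostName = ([uri]'https://correo.dosimetria.es/EWS/Exchange.asmx').Host }
    [pscustomobject]@{ Source = 'Outlook security alert'; HostName = 'SERS.dosimetria.es' }
)

# One row per (certificate, name) pair; Covered is False where a client would be warned.
$report = foreach ($cert in ($certs | Where-Object { $_.Services -match '\bIIS\b' })) {
    foreach ($name in $names) {
        [pscustomobject]@{
            Certificate = $cert.Subject
            HostName    = $name.HostName
            Source      = $name.Source
            Covered     = Test-CertCoversHost -CertificateDomains $cert.Domains -HostName $name.HostName
        }
    }
}
$report | Format-Table -AutoSize
```

Neither certificate covers both names, which is the gap a SAN/UCC certificate listing both names closes.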
