Solved

Install new Equifax Secure Global eBusiness CA-1, internal clients Exchange problems

Posted on 2009-04-14
Last Modified: 2012-05-06
I have installed a new certificate on the server so that users are able to connect to OWA without a security certificate problem.
The certificate installed OK and runs right for external access to OWA.
In IIS7, I changed the certificate (from internalSERVER.dosimetria.es to externalSERVER.dosimetria.es) in the default web site links.
The problem now is with Outlook access. When Outlook 2003 and 2007 connect to Exchange, a security window appears saying that internalSERVER.DOSIMETRIA.ES is not valid.
Do you know how to change only the link for OWA to the new externalSERVER.dosimetria.es? In IIS6 it is easy: select the properties of the OWA virtual directory. But in IIS7 I don't know how to achieve this.
0
Question by:imusa
Expert Comment

by:Mestha
ID: 24137601
What sort of certificate did you purchase?
Was it a SAN/UC certificate, or a regular certificate?
If it was a regular certificate then you have to make lots of changes. Furthermore the certificate needs to be requested and installed through Exchange, not through OWA.

http://blog.sembee.co.uk/archive/2008/05/30/78.aspx

Simon.
0
 

Author Comment

by:imusa
ID: 24150186
Ok.
I followed the steps in several articles and now the certificate is running right.
From external and internal, OWA runs right.
The clients with IMAP can also connect with IMAPSSL.

The problem now is the internal Outlook 2003/2007 clients. When Outlook opens, the Security Alert appears saying SERS.dosimetria.es is not the same as the certificate (correo.dosimetria.es). (I attach a JPG with the error.)

I attach the output of get-exchangecertificate and get-WebServicesVirtualDirectory.

Thanks for the help



[PS] C:\Windows\System32>get-exchangecertificate
 
Thumbprint                                Services   Subject
----------                                --------   -------
86A40FF554C08ED62AF2FDE40C4388A4639A57FE  IP.WS      CN=correo.dosimetria.es...
B8E3F7072FDCEC822C896F0FD9492E7C20068DE8  ....S      CN=SERS
6E7D2C0E2A046628549B94EFA2087890598ABA91  ....S      CN=SERS.DOSIMETRIA.ES
0CFF3929EAA24B2DFF0030C7FB4F232D9AC1BF9F  ...WS      CN=Sites
B5A7885647912734D64FB4B2F4DD8321E0D81D01  .....      CN=DOSIMETRIA-SERS-CA
BD7AE1D4DA2ACBA99215ADCFE337DE92073393E6  .....      CN=WMSvc-WIN-B7UQFQR8CLQ
 
 
[PS] C:\Windows\System32>get-WebServicesVirtualDirectory |format-list
 
 
InternalNLBBypassUrl          : https://correo.dosimetria.es/EWS/Exchange.asmx
Name                          : EWS (Default Web Site)
InternalAuthenticationMethods : {Ntlm, WindowsIntegrated}
ExternalAuthenticationMethods : {Ntlm, WindowsIntegrated}
BasicAuthentication           : False
DigestAuthentication          : False
WindowsAuthentication         : True
MetabasePath                  : IIS://SERS.DOSIMETRIA.ES/W3SVC/1/ROOT/EWS
Path                          : C:\Program Files\Microsoft\Exchange Server\Clie
                                ntAccess\exchweb\EWS
Server                        : SERS
InternalUrl                   : https://correo.dosimetria.es/EWS/Exchange.asmx
ExternalUrl                   : https://correo.dosimetria.es/EWS/Exchange.asmx
AdminDisplayName              :
ExchangeVersion               : 0.1 (8.0.535.0)
DistinguishedName             : CN=EWS (Default Web Site),CN=HTTP,CN=Protocols,
                                CN=SERS,CN=Servers,CN=Exchange Administrative G
                                roup (FYDIBOHF23SPDLT),CN=Administrative Groups
                                ,CN=Primera organización,CN=Microsoft Exchange,
                                CN=Services,CN=Configuration,DC=DOSIMETRIA,DC=E
                                S
Identity                      : SERS\EWS (Default Web Site)
Guid                          : b1425dd2-4fa5-4616-a7d4-31c23842fe01
ObjectCategory                : DOSIMETRIA.ES/Configuration/Schema/ms-Exch-Web-
                                Services-Virtual-Directory
ObjectClass                   : {top, msExchVirtualDirectory, msExchWebServices
                                VirtualDirectory}
WhenChanged                   : 15/04/2009 18:25:56
WhenCreated                   : 31/03/2009 11:56:36
OriginatingServer             : SERS.DOSIMETRIA.ES
IsValid                       : True
 
 
 
[PS] C:\Windows\System32>


Captura01.JPG
0
 

Author Comment

by:imusa
ID: 24150444

I am posting the complete get-exchangecertificate output.


Is it possible that my third-party SSL certificate doesn't support SAN?

Thanks
AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                     .Security.AccessControl.CryptoKeyAccessRule, System.Securi
                     ty.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {correo.dosimetria.es}
HasPrivateKey      : True
IsSelfSigned       : False
Issuer             : CN=Equifax Secure Global eBusiness CA-1, O=Equifax Secure
                     Inc., C=US
NotAfter           : 14/04/2010 13:22:00
NotBefore          : 15/04/2009 13:22:00
PublicKeySize      : 1024
RootCAType         : ThirdParty
SerialNumber       : 0B50E2
Services           : IMAP, POP, IIS, SMTP
Status             : Valid
Subject            : CN=correo.dosimetria.es, OU=Domain Control Validated - Rap
                     idSSL(R), OU=See www.rapidssl.com/resources/cps (c)09, OU=
                     GT61655898, O=correo.dosimetria.es, C=ES
Thumbprint         : 86A40FF554C08ED62AF2FDE40C4388A4639A57FE
 
AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                     .Security.AccessControl.CryptoKeyAccessRule, System.Securi
                     ty.AccessControl.CryptoKeyAccessRule, System.Security.Acce
                     ssControl.CryptoKeyAccessRule}
CertificateDomains : {SERS, SERS.DOSIMETRIA.ES}
HasPrivateKey      : True
IsSelfSigned       : True
Issuer             : CN=SERS
NotAfter           : 31/03/2010 11:53:18
NotBefore          : 31/03/2009 11:53:18
PublicKeySize      : 2048
RootCAType         : None
SerialNumber       : 7DD7117B244428B742CECAAD1239EBAE
Services           : SMTP
Status             : Valid
Subject            : CN=SERS
Thumbprint         : B8E3F7072FDCEC822C896F0FD9492E7C20068DE8
 
AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                     .Security.AccessControl.CryptoKeyAccessRule, System.Securi
                     ty.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {SERS.DOSIMETRIA.ES}
HasPrivateKey      : True
IsSelfSigned       : False
Issuer             : CN=DOSIMETRIA-SERS-CA
NotAfter           : 24/03/2010 10:58:55
NotBefore          : 24/03/2009 10:58:55
PublicKeySize      : 1024
RootCAType         : Registry
SerialNumber       : 61225C33000000000003
Services           : SMTP
Status             : Valid
Subject            : CN=SERS.DOSIMETRIA.ES
Thumbprint         : 6E7D2C0E2A046628549B94EFA2087890598ABA91
 
AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                     .Security.AccessControl.CryptoKeyAccessRule, System.Securi
                     ty.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {Sites, SERS.DOSIMETRIA.ES}
HasPrivateKey      : True
IsSelfSigned       : False
Issuer             : CN=DOSIMETRIA-SERS-CA
NotAfter           : 24/03/2011 10:56:07
NotBefore          : 24/03/2009 10:56:07
PublicKeySize      : 2048
RootCAType         : Registry
SerialNumber       : 611FCAEC000000000002
Services           : IIS, SMTP
Status             : Valid
Subject            : CN=Sites
Thumbprint         : 0CFF3929EAA24B2DFF0030C7FB4F232D9AC1BF9F
 
AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                     .Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {DOSIMETRIA-SERS-CA}
HasPrivateKey      : True
IsSelfSigned       : True
Issuer             : CN=DOSIMETRIA-SERS-CA
NotAfter           : 24/03/2014 11:05:15
NotBefore          : 24/03/2009 10:55:16
PublicKeySize      : 2048
RootCAType         : Registry
SerialNumber       : 390E8497AD6263BE42F728409872D40F
Services           : None
Status             : Valid
Subject            : CN=DOSIMETRIA-SERS-CA
Thumbprint         : B5A7885647912734D64FB4B2F4DD8321E0D81D01
 
AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                     .Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {WMSvc-WIN-B7UQFQR8CLQ}
HasPrivateKey      : True
IsSelfSigned       : True
Issuer             : CN=WMSvc-WIN-B7UQFQR8CLQ
NotAfter           : 22/03/2019 9:27:16
NotBefore          : 24/03/2009 9:27:16
PublicKeySize      : 2048
RootCAType         : Registry
SerialNumber       : CD406247F302D58A4846BF016BED584D
Services           : None
Status             : Valid
Subject            : CN=WMSvc-WIN-B7UQFQR8CLQ
Thumbprint         : BD7AE1D4DA2ACBA99215ADCFE337DE92073393E6
 
 
 
[PS] C:\Windows\System32>


0
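
The name mismatch discussed in this thread can be checked directly from the posted output. The following is an added example, not part of the original posts: it parses Get-ExchangeCertificate list output (the sample is trimmed from the output above) and reports, for each certificate enabled for IIS, which of the host names quoted in the thread it does not cover. The function names are hypothetical and the name matching is a simplified assumption (exact match or a one-label wildcard).

```python
import re

# Trimmed from the Get-ExchangeCertificate output posted in this thread; only
# the fields the check needs are kept. Long values wrap onto indented lines.
SAMPLE = """\
CertificateDomains : {correo.dosimetria.es}
Services           : IMAP, POP, IIS, SMTP
Subject            : CN=correo.dosimetria.es, OU=Domain Control Validated - Rap
                     idSSL(R), OU=See www.rapidssl.com/resources/cps (c)09, OU=
                     GT61655898, O=correo.dosimetria.es, C=ES
Thumbprint         : 86A40FF554C08ED62AF2FDE40C4388A4639A57FE

CertificateDomains : {Sites, SERS.DOSIMETRIA.ES}
Services           : IIS, SMTP
Thumbprint         : 0CFF3929EAA24B2DFF0030C7FB4F232D9AC1BF9F
"""

def parse_format_list(text):
    """Return one dict per record; blank lines separate records."""
    records, cur, key = [], {}, None
    for line in text.splitlines() + [""]:
        m = re.match(r"(\w+)\s*: ?(.*)$", line)
        if not line.strip():              # record boundary
            if cur:
                records.append(cur)
            cur, key = {}, None
        elif m:
            key = m.group(1)
            cur[key] = m.group(2)
        elif key:                         # console-wrapped continuation line
            cur[key] += line.strip()
    return records

def covers(domains, host):
    """Case-insensitive exact match, or a one-label wildcard such as *.example.com."""
    host = host.lower()
    wild = "*." + host.split(".", 1)[1] if "." in host else None
    return any(d.lower() in (host, wild) for d in domains)

def iis_mismatches(text, client_hosts):
    """Map each IIS-enabled certificate's thumbprint to the hosts it does not cover."""
    result = {}
    for rec in parse_format_list(text):
        if "IIS" in [s.strip() for s in rec.get("Services", "").split(",")]:
            domains = [d.strip() for d in rec["CertificateDomains"].strip("{}").split(",")]
            result[rec["Thumbprint"]] = [h for h in client_hosts if not covers(domains, h)]
    return result

if __name__ == "__main__":
    print(iis_mismatches(SAMPLE, ["correo.dosimetria.es", "SERS.dosimetria.es"]))
```

Neither IIS-enabled certificate in the sample covers both names.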

Expert Comment

by:Mestha
ID: 24150730
If it is a RapidSSL certificate then it is not a SAN/UC certificate.
You can use a single name SSL certificate, but your external DNS provider must support SRV records.

Simon.
0
 

Author Comment

by:imusa
ID: 24150950
Thanks Simon,
In case my DNS provider (Telefonica) supports SRV records, how do I configure it?

On the other hand, do you know any SSL provider with support for SAN?

iv
0
 

Author Comment

by:imusa
ID: 24151512
I read

http://www.amset.info/exchange/singlenamessl.asp

I think it is better to invest some euros in acquiring a UCC certificate.

I have seen this:
https://domainsforexchange.net/
Standard Multiple Domain (UCC) SSL Up to 5 Domains - 1 year - €67.62

Do you know if it is supported for Exchange 2007?

Thanks
0
 
Accepted Solution

by:
Mestha earned 750 total points
ID: 24156632
Those certificates are fine for Exchange 2007. They are from GoDaddy and I use them on all of my deployments including my home system.
The blog posting in my first post in this question will go through the full process involved.

Simon.
0
