Solved

SSL & OWA

Posted on 2010-01-07
Last Modified: 2012-05-08
Hi,

I'm trying to get OWA working with an SSL cert from GoDaddy with hopefully the end result being that we can use our iPhones with Exchange.

So far I've installed the certificate as per instructions from GoDaddy but when I try to test it the server can't be found.

The FQDN is mail.mydomain.com and I've checked the A records are pointing to the correct place.

Are there any good how-tos out there?
Question by:Jytees
22 Comments
 
LVL 74

Accepted Solution

by:
Glen Knight earned 1000 total points
ID: 26202835
You have port 443 forwarded from your router/firewall to your Exchange server?
0
 

Author Comment

by:Jytees
ID: 26202975
Yes. 443 for OWA and 993 for SSL.
0
 
LVL 6

Expert Comment

by:chilids
ID: 26203022
What about inside your network? If you can view the page, what cert does it show it is using? Also check in IIS under the default website and view the certificate to make sure the proper one is being used.

Open IIS in Administrative Tools. Expand until you see Default Web Site. Right-click on it and select Properties. Select the Directory Security tab and click on View Certificate at the bottom.
0
 

Author Comment

by:Jytees
ID: 26203151
Internally when I browse to https://servername/exchange I get the page up which says, "there is a problem with this website security cert" I can then close the page or continue to the website. When I view the cert error it's the correct one issued by GoDaddy but it says Mismatched Address?.

Also in IIS the default website has the correct cert.
0
 
LVL 6

Expert Comment

by:chilids
ID: 26203160
What is the name that you had the cert created for?  And is that the name used to access the site externally?
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 26203201
The certificate name must match the URL you use for web access.

Therefore if the URL you use is https://owa.companyname.com/exchange then the certificate must be for owa.companyname.com

If you got your certificate from GoDaddy you can use the re-key facility and request a certificate for the correct name.
0
 

Author Comment

by:Jytees
ID: 26203807
OK. I was using the internal domain name to access it which is why we got the mismatched add.

The cert is for mail.mydomain.com. When I try to access that internally https://mail.mydomain.com I get nothing, can't display web page.
0
 

Author Comment

by:Jytees
ID: 26203839
Sorry, server name.
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 26203930
You need to have /exchange on the end.
0
 
LVL 6

Expert Comment

by:chilids
ID: 26203964
If it works internally but not external then it's probably something with your forwarding or public server settings on your router.
0
 

Author Comment

by:Jytees
ID: 26204035
Demazter, I did have /exchange.

Chilids, It's not working internally.
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 26204063
Can you try resetting the virtual directories?
Use method 3: http://support.microsoft.com/kb/883380
0
 
LVL 6

Expert Comment

by:chilids
ID: 26204112
So you browse to it internally and get a Cert error but what happens when you continue past that?
0
 

Author Comment

by:Jytees
ID: 26204199
Chilids, no, I'm unable to browse to it internally or externally. It works internally only when I put the server name/exchange in the URL. When I do that I get the mismatched address error.

Demazter, resetting the virtual directories, Method 3: Edit the Metabase.xml file?
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 26204222
Yes.

But hold on you can get it if you browse to the IP Address?
0
 

Author Comment

by:Jytees
ID: 26204668
The public IP address from external - no.

Internally with the private IP add - yes, but still with the cert error.
0
 
LVL 6

Expert Comment

by:chilids
ID: 26204757
You will get the cert error because the name doesn't match up, but it should let you go past that and view the page.  If it does then it works internally.
0
 

Author Comment

by:Jytees
ID: 26204778
Chilids - I'm aware of that. Doesn't solve my problem!
0
 
LVL 6

Assisted Solution

by:chilids
chilids earned 1000 total points
ID: 26204832
But it appears that something is wrong with the port forwarding. If it works internally but the server is not found externally, the main element in between is the router. If it was a permissions or security error you'd be getting an access denied or similar message. It has to be something with the port forwarding or firewall settings on the router.
0
 

Author Comment

by:Jytees
ID: 26205384
Chilids - I double-checked my router to make sure the ports were open and it seems they are. However, I popped on to grc.com and checked Shields Up and, lo and behold, port 443 is stealthed! It would seem we've found the issue, now to find out what's blocking the port.

I'll keep you posted.
0
 
LVL 20

Expert Comment

by:Satya Pathak
ID: 26205445
Have you verified your IIS?
Please find the IIS authentication type and the SSL requirement for Exchange 2003.
1) Default Website             : Anonymous & Integrated   NO SSL
2) Exadmin                     : Integrated               NO SSL
3) Exchweb                     : Anonymous                NO SSL
4) Exchange                    : Basic                    SSL Optional
5) RPC                         : Basic                    SSL Required
6) OMA                         : Basic                    SSL Optional
7) Public                      : Basic+Integrated         SSL Optional
8) exchange-oma                : Basic & Integrated       NO SSL
9) Microsoft-Server-ActiveSync : Basic                    SSL Required
After that you need to restart the IIS service.
0
 

Author Closing Comment

by:Jytees
ID: 31674154
I've split the points between the two of you guys, thanks for your help.

After the results on shields up I tackled the router again. Just deleted and recreated the entry and it worked!

Suppose I should've checked the port rather than trusting the router to do what it said it was doing!
0
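The two checks this thread converged on, certificate name versus the URL host and whether port 443 actually answers, written as an added example that is not part of the original posts. The function names `probe_port`, `name_matches` and `check_url` are hypothetical; the host names are the ones quoted in the thread.

```python
import socket
from urllib.parse import urlsplit

def probe_port(host, port, timeout=3.0):
    """Classify one TCP connect attempt.

    'open'       handshake completed
    'closed'     the far end refused (RST), so packets do reach a host
    'filtered'   no answer before the timeout (what Shields Up calls stealth)
    'unresolved' the name has no usable DNS record
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "closed"
    except socket.gaierror:
        return "unresolved"
    except OSError:  # timeouts and unreachable-network errors
        return "filtered"

def name_matches(host, cert_name):
    """Compare a URL host with one certificate name; '*.' covers one label."""
    host, cert_name = host.lower().rstrip("."), cert_name.lower().rstrip(".")
    if cert_name.startswith("*."):
        return "." in host and host.split(".", 1)[1] == cert_name[2:]
    return host == cert_name

def check_url(url, cert_names, probe=probe_port):
    """Report name match and port state for the host in an https URL."""
    parts = urlsplit(url)
    host, port = parts.hostname, parts.port or 443
    return {
        "host": host,
        "name_ok": any(name_matches(host, n) for n in cert_names),
        "port": probe(host, port),
    }

if __name__ == "__main__":
    # Names taken from the thread; run this from OUTSIDE the LAN, because an
    # internal probe never crosses the router's port-forward rule.
    names = ["mail.mydomain.com"]
    for url in ("https://servername/exchange", "https://mail.mydomain.com/exchange"):
        print(url, check_url(url, names))
```

A `filtered` result from outside combined with `open` from inside points at the router or firewall rule rather than at IIS or the certificate.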


Question has a verified solution.
