Which certificate do I add to stop the OWA website security certificate error?

mikem2k
mikem2k used Ask the Experts™
on
Hello all.

I have recently set up an Exchange 2007 server with IIS7 and am unclear as to which certificate I need to allow users to access email through OWA without receiving the 'There is a problem with this website's security certificate' error

There appears to be an Exchange certificate as well as a certificate that would be installed in IIS under the Server Certificates area?

Do I need one or both?  Also, if I only need one, is there any benefit to having both (even if this benefit is unrelated to OWA?)

Please advise.
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Top Expert 2008

Commented:
You will need to purchase a certificate from a certificate authority (CA) such as Thawte or Verisign. and install the certificate on your Exchange server.

That way when your browser gets teh certificate it can verify it with the CA.

Either that or you need to install the self generated certificate you already have on every client that will acces OWA.

Author

Commented:
I apologize if my question was unclear.

The purchase and installation of the certificates seems pretty straightforward and I was planning to purchase a certificate from GoDaddy.

My question is regarding which area(s) of the Exchange server need the certificates - Exchange Server itself or the or the IIS - Server Certificates area.

Author

Commented:
I also wanted to note that in GoDaddy, when selecting the certificate type, it displays multiple options including both IIS 7.0 and Exchange 2007.

Success in ‘20 With a Profitable Pricing Strategy

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden using our free interactive tool and use it to determine the right price for your IT services. Start calculating Now!

Top Expert 2008

Commented:
Ah sorry - understand now :-)

You install the certificate in IIS on the website where the Exchange virtual directories are present.

If you are publishing through ISA server you also need to install the certificate on the ISA server and set it on your OWA web listener.

Not sure what type of certificate GoDaddy are offering, you just need a standard SSL certificate. So I'd say go with whatever they offer as standard.

Author

Commented:
There doesn't appear to be a 'Standard SSL' option from GoDaddy.

I am attaching a screenshot of available certificate types from GoDaddy and a screenshot of the IIS 7 Certificate area.

I am also not sure how I am publishing the site; it is just using all the server defaults.  It is an SBS 2008 server with Exchange 2007 and IIS7.

Do I add certificates in the IIS7 certificate area in the second screenshot or do I use the shell referenced here:

http://technet.microsoft.com/en-us/library/bb124950%28EXCHG.80%29.aspx

I am not well versed in certificates and see both methods listed throughout Experts Exchange.  I was hoping to only have to obtain and install one certificate, preferably in IIS only, without using the shell.
GDCertList.bmp
IISCertScreen.bmp
Top Expert 2008
Commented:
Go with an 'Exchange 2007' certificate type from GoDaddy.

This is a useful site to help you generate the CSR request for the certificate: http://www.youtube.com/watch?v=nMPjoZnk2EQ 

Author

Commented:
Will try this in the next day or two.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial