Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Accessing OWA, RWW without SSL Cert Error

Posted on 2010-08-25
10
Medium Priority
?
773 Views
Last Modified: 2012-05-10
I have a non-internet facing SBS 2003 box that has a different external name to internal.

For Example. Externally, uses can access server with remote.domainname.com, but internally they simply use http://SERVERNAME or http://FQDN.

I have setup the self-assigned SSL Certificate with the External name.

When a User accesses server either Internal or External, they are prompted within IE with "There is a problem with this website's security certificate." which can be clicked through but I would of thought that the Workstation should be trusted?

What am I missing? Do I need to install Cert on each domain PC? Do I need to setup DNS to route a request for http://SERVERNAME to http://remote.domainname.com?

So many questions .... :-)
0
Comment
Question by:Flipp
10 Comments
 
LVL 5

Accepted Solution

by:
Armenio earned 375 total points
ID: 33527615
The easiest way is just to add it to the root domains trusted list on each p.c.  so export the certificate
I think from IIS  then just copy it onto a usb pen and go to each pc and double click   and don't let it automatically add it to the locating it want add it to the trusted root one let me know if you need more details .
0
 
LVL 6

Author Comment

by:Flipp
ID: 33527687
Can this be achieves with GPO or some other automated approach using SBS 2003?
0
 
LVL 5

Expert Comment

by:Armenio
ID: 33527723
I think it can  been a wile but try this

http://technet.microsoft.com/en-us/library/cc738131(WS.10).aspx

 you need to add your CA as a trusted CA
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 35

Assisted Solution

by:Cris Hanna
Cris Hanna earned 375 total points
ID: 33527731
0
 
LVL 8

Assisted Solution

by:beechy_
beechy_ earned 375 total points
ID: 33529159
The way I tend to do it with SBS 2003 is the way MS have done it themselves in 2008, create a zone in your internal DNS called remote.domainname.com (just accept all the defaults in the DNS wizard, AD-integrated etc etc), then once you'vce got your new zone, create an A record in it and leace the name field blank, so it uses the same name as the parent zone, give it the internal IP address of your SBS.  Then instruct your users to use https://remote.domainname.com whether in or out of the office.  I find users are happier with having just the one URL to remember, even if it is slightly longer to type than the internal URL.  You can either export the certificate then install it on all the PCs from a memory stick or server share, or for US$30 or so, you can add a publicly trusted certificate to your SBS from GoDaddy or similar, all machines around the world trust this certificate because they already trust GoDaddy's root certificate.
0
 
LVL 5

Assisted Solution

by:DanMar
DanMar earned 375 total points
ID: 33530145
IE recognises your internal cert as not signed therefore this message.  The best way around this is to purchase a certificate.  This is a requirement for OWA on Exchange 2007 so I suggest going down this path.  There are plenty SSL vendors that are fairly cheap e.g. www.digicert.com
0
 
LVL 6

Author Comment

by:Flipp
ID: 33555015
Thank you all for your replies to date - I will be attacking this one in the next 7 days so will get back to you with how I go.
0
 
LVL 6

Author Comment

by:Flipp
ID: 35048897
I would like to award points to all contributors - I have been offline for too long due to unforeseen circumstances.
0
 
LVL 6

Author Closing Comment

by:Flipp
ID: 35048903
Awarded point evenly for contributing.

Ended up just using GoDaddy to get some cheap SSL Certs.
0

Featured Post

How to Use the Help Bell

Need to boost the visibility of your question for solutions? Use the Experts Exchange Help Bell to confirm priority levels and contact subject-matter experts for question attention.  Check out this how-to article for more information.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you are a user of the discontinued Microsoft Office Accounting 2008 (MSOA) and have to move to a new computer running Windows 8, you will be unhappy to discover that it won't install.  In particular, Microsoft SQL Server 2005 Express Edition (SSE…
While rebooting windows server 2003 server , it's showing "active directory rebuilding indices please wait" at startup. It took a little while for this process to complete and once we logged on not all the services were started so another reboot is …
How to fix incompatible JVM issue while installing Eclipse While installing Eclipse in windows, got one error like above and unable to proceed with the installation. This video describes how to successfully install Eclipse. How to solve incompa…
In a question here at Experts Exchange (https://www.experts-exchange.com/questions/29062564/Adobe-acrobat-reader-DC.html), a member asked how to create a signature in Adobe Acrobat Reader DC (the free Reader product, not the paid, full Acrobat produ…

916 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question