Solved

Accessing OWA, RWW without SSL Cert Error

Posted on 2010-08-25
10
769 Views
Last Modified: 2012-05-10
I have a non-internet facing SBS 2003 box that has a different external name to internal.

For Example. Externally, uses can access server with remote.domainname.com, but internally they simply use http://SERVERNAME or http://FQDN.

I have setup the self-assigned SSL Certificate with the External name.

When a User accesses server either Internal or External, they are prompted within IE with "There is a problem with this website's security certificate." which can be clicked through but I would of thought that the Workstation should be trusted?

What am I missing? Do I need to install Cert on each domain PC? Do I need to setup DNS to route a request for http://SERVERNAME to http://remote.domainname.com?

So many questions .... :-)
0
Comment
Question by:Flipp
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
10 Comments
 
LVL 5

Accepted Solution

by:
Armenio earned 125 total points
ID: 33527615
The easiest way is just to add it to the root domains trusted list on each p.c.  so export the certificate
I think from IIS  then just copy it onto a usb pen and go to each pc and double click   and don't let it automatically add it to the locating it want add it to the trusted root one let me know if you need more details .
0
 
LVL 6

Author Comment

by:Flipp
ID: 33527687
Can this be achieves with GPO or some other automated approach using SBS 2003?
0
 
LVL 5

Expert Comment

by:Armenio
ID: 33527723
I think it can  been a wile but try this

http://technet.microsoft.com/en-us/library/cc738131(WS.10).aspx

 you need to add your CA as a trusted CA
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 35

Assisted Solution

by:Cris Hanna
Cris Hanna earned 125 total points
ID: 33527731
0
 
LVL 8

Assisted Solution

by:beechy_
beechy_ earned 125 total points
ID: 33529159
The way I tend to do it with SBS 2003 is the way MS have done it themselves in 2008, create a zone in your internal DNS called remote.domainname.com (just accept all the defaults in the DNS wizard, AD-integrated etc etc), then once you'vce got your new zone, create an A record in it and leace the name field blank, so it uses the same name as the parent zone, give it the internal IP address of your SBS.  Then instruct your users to use https://remote.domainname.com whether in or out of the office.  I find users are happier with having just the one URL to remember, even if it is slightly longer to type than the internal URL.  You can either export the certificate then install it on all the PCs from a memory stick or server share, or for US$30 or so, you can add a publicly trusted certificate to your SBS from GoDaddy or similar, all machines around the world trust this certificate because they already trust GoDaddy's root certificate.
0
 
LVL 5

Assisted Solution

by:DanMar
DanMar earned 125 total points
ID: 33530145
IE recognises your internal cert as not signed therefore this message.  The best way around this is to purchase a certificate.  This is a requirement for OWA on Exchange 2007 so I suggest going down this path.  There are plenty SSL vendors that are fairly cheap e.g. www.digicert.com
0
 
LVL 6

Author Comment

by:Flipp
ID: 33555015
Thank you all for your replies to date - I will be attacking this one in the next 7 days so will get back to you with how I go.
0
 
LVL 6

Author Comment

by:Flipp
ID: 35048897
I would like to award points to all contributors - I have been offline for too long due to unforeseen circumstances.
0
 
LVL 6

Author Closing Comment

by:Flipp
ID: 35048903
Awarded point evenly for contributing.

Ended up just using GoDaddy to get some cheap SSL Certs.
0

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
SBS 2011 Server CPU Utilization 33 52
SSL-VPN 1 91
Secure Website 5 40
What exactly should I expect when i perform FSBO migration from SBS 2008 to Server 2012 ? 5 39
Because virtualization becomes more and more common, and, with Microsoft Hyper-V included in Windows Server at no additional costs, and, most server hardware nowadays is more than capable of running a physical Small Business Server (SBS) 2008 or 201…
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

751 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question