Solved

Accessing OWA, RWW without SSL Cert Error

Posted on 2010-08-25
10
766 Views
Last Modified: 2012-05-10
I have a non-internet facing SBS 2003 box that has a different external name to internal.

For Example. Externally, uses can access server with remote.domainname.com, but internally they simply use http://SERVERNAME or http://FQDN.

I have setup the self-assigned SSL Certificate with the External name.

When a User accesses server either Internal or External, they are prompted within IE with "There is a problem with this website's security certificate." which can be clicked through but I would of thought that the Workstation should be trusted?

What am I missing? Do I need to install Cert on each domain PC? Do I need to setup DNS to route a request for http://SERVERNAME to http://remote.domainname.com?

So many questions .... :-)
0
Comment
Question by:Flipp
10 Comments
 
LVL 5

Accepted Solution

by:
Armenio earned 125 total points
ID: 33527615
The easiest way is just to add it to the root domains trusted list on each p.c.  so export the certificate
I think from IIS  then just copy it onto a usb pen and go to each pc and double click   and don't let it automatically add it to the locating it want add it to the trusted root one let me know if you need more details .
0
 
LVL 6

Author Comment

by:Flipp
ID: 33527687
Can this be achieves with GPO or some other automated approach using SBS 2003?
0
 
LVL 5

Expert Comment

by:Armenio
ID: 33527723
I think it can  been a wile but try this

http://technet.microsoft.com/en-us/library/cc738131(WS.10).aspx

 you need to add your CA as a trusted CA
0
 
LVL 35

Assisted Solution

by:Cris Hanna
Cris Hanna earned 125 total points
ID: 33527731
0
Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

 
LVL 8

Assisted Solution

by:beechy_
beechy_ earned 125 total points
ID: 33529159
The way I tend to do it with SBS 2003 is the way MS have done it themselves in 2008, create a zone in your internal DNS called remote.domainname.com (just accept all the defaults in the DNS wizard, AD-integrated etc etc), then once you'vce got your new zone, create an A record in it and leace the name field blank, so it uses the same name as the parent zone, give it the internal IP address of your SBS.  Then instruct your users to use https://remote.domainname.com whether in or out of the office.  I find users are happier with having just the one URL to remember, even if it is slightly longer to type than the internal URL.  You can either export the certificate then install it on all the PCs from a memory stick or server share, or for US$30 or so, you can add a publicly trusted certificate to your SBS from GoDaddy or similar, all machines around the world trust this certificate because they already trust GoDaddy's root certificate.
0
 
LVL 5

Assisted Solution

by:DanMar
DanMar earned 125 total points
ID: 33530145
IE recognises your internal cert as not signed therefore this message.  The best way around this is to purchase a certificate.  This is a requirement for OWA on Exchange 2007 so I suggest going down this path.  There are plenty SSL vendors that are fairly cheap e.g. www.digicert.com
0
 
LVL 6

Author Comment

by:Flipp
ID: 33555015
Thank you all for your replies to date - I will be attacking this one in the next 7 days so will get back to you with how I go.
0
 
LVL 6

Author Comment

by:Flipp
ID: 35048897
I would like to award points to all contributors - I have been offline for too long due to unforeseen circumstances.
0
 
LVL 6

Author Closing Comment

by:Flipp
ID: 35048903
Awarded point evenly for contributing.

Ended up just using GoDaddy to get some cheap SSL Certs.
0

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

The problem of the system drive in SBS 2003 getting full continues to be an issue, even though SBS 2008 and SBS 2011 are both in the market place.  There are several solutions to this, including adding additional drive space or using third party uti…
Since pre-biblical times, humans have sought ways to keep secrets, and share the secrets selectively.  This article explores the ways PHP can be used to hide and encrypt information.
Delivering innovative fully-managed cloud services for mission-critical applications requires expertise in multiple areas plus vision and commitment. Meet a few of the people behind the quality services of Concerto.
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

929 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now