Solved

Accessing OWA, RWW without SSL Cert Error

Posted on 2010-08-25
10
767 Views
Last Modified: 2012-05-10
I have a non-internet facing SBS 2003 box that has a different external name to internal.

For Example. Externally, uses can access server with remote.domainname.com, but internally they simply use http://SERVERNAME or http://FQDN.

I have setup the self-assigned SSL Certificate with the External name.

When a User accesses server either Internal or External, they are prompted within IE with "There is a problem with this website's security certificate." which can be clicked through but I would of thought that the Workstation should be trusted?

What am I missing? Do I need to install Cert on each domain PC? Do I need to setup DNS to route a request for http://SERVERNAME to http://remote.domainname.com?

So many questions .... :-)
0
Comment
Question by:Flipp
10 Comments
 
LVL 5

Accepted Solution

by:
Armenio earned 125 total points
ID: 33527615
The easiest way is just to add it to the root domains trusted list on each p.c.  so export the certificate
I think from IIS  then just copy it onto a usb pen and go to each pc and double click   and don't let it automatically add it to the locating it want add it to the trusted root one let me know if you need more details .
0
 
LVL 6

Author Comment

by:Flipp
ID: 33527687
Can this be achieves with GPO or some other automated approach using SBS 2003?
0
 
LVL 5

Expert Comment

by:Armenio
ID: 33527723
I think it can  been a wile but try this

http://technet.microsoft.com/en-us/library/cc738131(WS.10).aspx

 you need to add your CA as a trusted CA
0
Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

 
LVL 35

Assisted Solution

by:Cris Hanna
Cris Hanna earned 125 total points
ID: 33527731
0
 
LVL 8

Assisted Solution

by:beechy_
beechy_ earned 125 total points
ID: 33529159
The way I tend to do it with SBS 2003 is the way MS have done it themselves in 2008, create a zone in your internal DNS called remote.domainname.com (just accept all the defaults in the DNS wizard, AD-integrated etc etc), then once you'vce got your new zone, create an A record in it and leace the name field blank, so it uses the same name as the parent zone, give it the internal IP address of your SBS.  Then instruct your users to use https://remote.domainname.com whether in or out of the office.  I find users are happier with having just the one URL to remember, even if it is slightly longer to type than the internal URL.  You can either export the certificate then install it on all the PCs from a memory stick or server share, or for US$30 or so, you can add a publicly trusted certificate to your SBS from GoDaddy or similar, all machines around the world trust this certificate because they already trust GoDaddy's root certificate.
0
 
LVL 5

Assisted Solution

by:DanMar
DanMar earned 125 total points
ID: 33530145
IE recognises your internal cert as not signed therefore this message.  The best way around this is to purchase a certificate.  This is a requirement for OWA on Exchange 2007 so I suggest going down this path.  There are plenty SSL vendors that are fairly cheap e.g. www.digicert.com
0
 
LVL 6

Author Comment

by:Flipp
ID: 33555015
Thank you all for your replies to date - I will be attacking this one in the next 7 days so will get back to you with how I go.
0
 
LVL 6

Author Comment

by:Flipp
ID: 35048897
I would like to award points to all contributors - I have been offline for too long due to unforeseen circumstances.
0
 
LVL 6

Author Closing Comment

by:Flipp
ID: 35048903
Awarded point evenly for contributing.

Ended up just using GoDaddy to get some cheap SSL Certs.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Imagine a situation that you have installed SSL (http://en.wikipedia.org/wiki/Secure_Sockets_Layer) Certificate on your Cisco ASA (Cisco Adaptive Security Appliance) firewall. Installation of SSL certificate on ASA is an another topic for which you …
Learn about cloud computing and its benefits for small business owners.
Along with being a a promotional video for my three-day Annielytics Dashboard Seminor, this Micro Tutorial is an intro to Google Analytics API data.
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question