Solved

Accessing OWA, RWW without SSL Cert Error

Posted on 2010-08-25
10
770 Views
Last Modified: 2012-05-10
I have a non-internet facing SBS 2003 box that has a different external name to internal.

For Example. Externally, uses can access server with remote.domainname.com, but internally they simply use http://SERVERNAME or http://FQDN.

I have setup the self-assigned SSL Certificate with the External name.

When a User accesses server either Internal or External, they are prompted within IE with "There is a problem with this website's security certificate." which can be clicked through but I would of thought that the Workstation should be trusted?

What am I missing? Do I need to install Cert on each domain PC? Do I need to setup DNS to route a request for http://SERVERNAME to http://remote.domainname.com?

So many questions .... :-)
0
Comment
Question by:Flipp
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
10 Comments
 
LVL 5

Accepted Solution

by:
Armenio earned 125 total points
ID: 33527615
The easiest way is just to add it to the root domains trusted list on each p.c.  so export the certificate
I think from IIS  then just copy it onto a usb pen and go to each pc and double click   and don't let it automatically add it to the locating it want add it to the trusted root one let me know if you need more details .
0
 
LVL 6

Author Comment

by:Flipp
ID: 33527687
Can this be achieves with GPO or some other automated approach using SBS 2003?
0
 
LVL 5

Expert Comment

by:Armenio
ID: 33527723
I think it can  been a wile but try this

http://technet.microsoft.com/en-us/library/cc738131(WS.10).aspx

 you need to add your CA as a trusted CA
0
Salesforce Made Easy to Use

On-screen guidance at the moment of need enables you & your employees to focus on the core, you can now boost your adoption rates swiftly and simply with one easy tool.

 
LVL 35

Assisted Solution

by:Cris Hanna
Cris Hanna earned 125 total points
ID: 33527731
0
 
LVL 8

Assisted Solution

by:beechy_
beechy_ earned 125 total points
ID: 33529159
The way I tend to do it with SBS 2003 is the way MS have done it themselves in 2008, create a zone in your internal DNS called remote.domainname.com (just accept all the defaults in the DNS wizard, AD-integrated etc etc), then once you'vce got your new zone, create an A record in it and leace the name field blank, so it uses the same name as the parent zone, give it the internal IP address of your SBS.  Then instruct your users to use https://remote.domainname.com whether in or out of the office.  I find users are happier with having just the one URL to remember, even if it is slightly longer to type than the internal URL.  You can either export the certificate then install it on all the PCs from a memory stick or server share, or for US$30 or so, you can add a publicly trusted certificate to your SBS from GoDaddy or similar, all machines around the world trust this certificate because they already trust GoDaddy's root certificate.
0
 
LVL 5

Assisted Solution

by:DanMar
DanMar earned 125 total points
ID: 33530145
IE recognises your internal cert as not signed therefore this message.  The best way around this is to purchase a certificate.  This is a requirement for OWA on Exchange 2007 so I suggest going down this path.  There are plenty SSL vendors that are fairly cheap e.g. www.digicert.com
0
 
LVL 6

Author Comment

by:Flipp
ID: 33555015
Thank you all for your replies to date - I will be attacking this one in the next 7 days so will get back to you with how I go.
0
 
LVL 6

Author Comment

by:Flipp
ID: 35048897
I would like to award points to all contributors - I have been offline for too long due to unforeseen circumstances.
0
 
LVL 6

Author Closing Comment

by:Flipp
ID: 35048903
Awarded point evenly for contributing.

Ended up just using GoDaddy to get some cheap SSL Certs.
0

Featured Post

[Live Webinar] The Cloud Skills Gap

As Cloud technologies come of age, business leaders grapple with the impact it has on their team's skills and the gap associated with the use of a cloud platform.

Join experts from 451 Research and Concerto Cloud Services on July 27th where we will examine fact and fiction.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

SSL stands for “Secure Sockets Layer” and an SSL certificate is a critical component to keeping your website safe, secured, and compliant. Any ecommerce website must have an SSL certificate to ensure the safe handling of sensitive information like…
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…
Michael from AdRem Software outlines event notifications and Automatic Corrective Actions in network monitoring. Automatic Corrective Actions are scripts, which can automatically run upon discovery of a certain undesirable condition in your network.…

628 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question