Link to home
Start Free TrialLog in
Avatar of SrinathS
SrinathSFlag for United States of America

asked on

How to setup SSL in Exchange Server 2003?

Hello,

Q1: I have an Exchange Server running on Server 2003. How can I setup SSL for exchange mail? Is there any guide available? Currently the server address is setup as "mail.domain.com", the online access is "mail.domain.com/exchange" for exchange and the regular web access is "mail.domain.com/oma". NOTE that this is NOT a front-end server.

Q2: How can I take full backup of exchange server?

Any further information would be greatly appreciated. Thanks.
ASKER CERTIFIED SOLUTION
Avatar of Brad Howe
Brad Howe
Flag of Canada image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
I also wanted to mention about the MS Exchange client guide
"It contains configuration information, such as how to secure your messaging environment, deploy the server architecture, and configure Exchange servers for your supported client access methods."
http://go.microsoft.com/fwlink/?LinkId=69702
Let us know if you have questions,
Hades666
Avatar of SrinathS

ASKER

Hi,

Thanks for quick reply. I'm currently taking backup of entire Exchange server using NTBACKUP. I will try to follow the above instructions after that.
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Hi,

Can I take trusted SSL from 3rd party vendor for the mail server like "mail.domain.com" ? Currently we are hosting "domain.com" on another server with different A record for the domain. I think it won't affect the SSL installation for mail server.

On setup steps, can I type "mail.domain.com" instead of sample "mail.contoso.com" or similar address?
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Hi,

I found that SSL certificate is installed by our previous tech team, but they didn't acitvated (not enabled the 128-bit encrypt option.) When I try to apply the option it shows me a window. I didn't understand it. I attached the screen-shot. I would appreciate if anyone can guide me on this.

Thanks to all!
1.JPG
In iis manager click on server certificate, you should have the option to chose existing or cretae a new request. -Hades666
You want to click ok so the sub sites for outlook web access and RPC over HTTPS along with other exchange functions will work with the SSL is the simplified answer to your screen shot post.
Okay. The existing SSL certificate is not properly installed. I will delete that and create a new certificate tonight. I will update this question If I encounter any issues. Thanks!
For any trouble shooting after the new SSL cert is installed create a dummy account on your server and use https://www.testexchangeconnectivity.com as it warns please do not use a live client account and disable or delete the test account when finished.
I've rescheduled this to coming Friday. Thanks.
Hello All,

I'm able to install the self-signed SSL certificate by following this tutorial: http://www.msexchange.org/tutorials/SSL_Enabling_OWA_2003.html

When I verify it by typing https://exchange/exchange , it works! I mean, I'm able to login into exchange and I found the secure lock icon at the status bar.

BUT, when I try to access
https://mail.testdomain.com/owa
https://mail.testdomain.com/exchange

More details:
Internal Exchange Name (local): EXCHANGE
External Exchange Name: mail.testdomain.com

As I said earliar, we are hosting testdomain.com elsewhere by pointing the domain A record.

I restarted all the required services and even restarted the server. Any further quick help would be greatly apprciated. Thanks.
BUT, when I try to access
https://mail.testdomain.com/owa
https://mail.testdomain.com/exchange

It didn't work both on web and iPhone. On the web, it displays the page can not be displayed. I went to Exchange virtual directory and verified the settings. The SSL option is enabled including the 128-bit option.
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
From http://www.msexchange.org/tutorials/SSL_Enabling_OWA_2003.html

Note: You may have noticed the yellow warning sign, this informs us The name on the security certificate is invalid or does not match the name of the site. Don’t worry there’s nothing wrong with this, the reason why it appears is because we aren’t accessing OWA through the common name, which we specified when the certificate was created. When you access OWA from an external client through mail.testdomain.com/exchange, this warning will disappear.

I've a new SSL certificate from GlobalSign Inc. for the domain mail.testdomain.com - First I tried to follow the instructions available at above link. It didn't works for me.
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Okay. I removed the self-signed SSL certificate from Exchange server. I will install the GlobalSign Inc. SSL certificate in the same way. I will update this question shortly. Thanks for pointing me into right direction.
Hello All,

Sorry for late reply. I generated the CSR in Exchange Server and get the SSL certificates (Root, Intermediate and Child) from GlobalSign Inc. The generated SSL certificate is for the following address: mail.domain.com Even though I followed the installation instructions, it still didn't work. After setup, I even restarted all necessary services.

The SSL setup screenshot is attached. The SSL certificate clearly shows that the SSL certificate is properly installed. Any further help would be greatly appreciated. Thanks.
1.JPG
Can you post results from https://www.testexchangeconnectivity.com/ I am interested to see what you get for both RPC over HTTPS and Active Sync
Exchange ActiveSync Test Results File Attached.
exchange-sutosync-result.txt
I also ran the test without SSL option enabled.
exchange-sutosync-result-no-ssl.txt
Hi,

I'm currently reading this post: https://www.experts-exchange.com/questions/23629611/Configure-Exchange-2003-ActiveSync-with-iPhone-3G.html#22186293

It seems to be the ActiveSync is not enabled or not supported. It's look like I need to create new Virtual Directory to support ActiveSync.

Am I Correct?
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
We don't have frontend/backend servers. We have only 1 exchange server configured. When I visit that page, it displays "Page can not be displayed" message both on internal and external networks.
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Never mind. I'm unable to solve this issue. However we are going to upgrade Exchange 2003 to 2007. Thanks to All Experts.