OWA for Server 2003/Exchange 2003

I have configured access to OWA with a self-signed certificate over HTTPS for Users connecting to company network. When I connect to https://mail.company.com/exchange from the outside or inside world, I get the windows dialog window for credentials.

1. I was expecting to see the Windows OWA landing page OR is this only on SBS? What options do I have?
2. How best do I deploy the self-signed certificate to Users/Computers wanting to access OWA remotely?
3. Recommendations on where I can pickup a reasonably priced SSL Cert from vendor in Australia?
4. Any other recommendations?
LVL 6
FlippAsked:
Who is Participating?
 
ngcmosConnect With a Mentor Commented:

1. I was expecting to see the Windows OWA landing page OR is this only on SBS? What options do I have?
-The log in prompt is because you have Basic Authentication...you need to enable Forms Based Authentication for the "website login form"...you can have both enabled

2. How best do I deploy the self-signed certificate to Users/Computers wanting to access OWA remotely?
-On the client machine open a console window (run--->mmc) then select add snap in, and select certificates, On the left right click on Trusted Certificate Authorities and select import go ahead and import the CA cert first, then the domain cert

3. Recommendations on where I can pickup a reasonably priced SSL Cert from vendor in Australia?
I use www.netsol.com and www.godaddy.com  one of them should work

4. Any other recommendations?
Make sure you have everything right on your self signed ssl cert correct if something is not rigt IE or any browser will flag you about it...can be a pain...

I am IT consultant with many Small Biz as clients...i always use self signed certs...only time i recommend buying one is for public sites...that need a recognized certificate authority
0
 
Shack-DaddyConnect With a Mentor Commented:
It sounds to me like you do not have Forms Based Authentication turned on. In the Exchange System Manager, drill down into Server -> Protocols and get properties on HTTP and then enable Forms Based Authentication. Do an IISReset after that and see if your OWA experience changes. If you are still having issues, you may need to tweak some things if you are running in a single-server environment and aren't using SBS.
0
 
Shack-DaddyCommented:
Actually, my main recommendation beyond enabling FBA is to use a public cert. Not worth the hassle to distribute self-signed. Is there a reason you can't use a GoDaddy cert in Australia? It should be affordable and available there. You can even find promo codes to use at livecodes.blogspot.com that will give you a discount on new certs.
0
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

 
FlippAuthor Commented:
Thank you ngcmos and shackdaddy.

1. On which component in IIS do I enable FBA?
2. Not sure what you mean by the CA Cert then the Domain Cert? I only have one Self-Signed Cert which I exported from http://servername/certsvr
3. Regarding SSL Certs from supplier, when would I need a Multiple or Unlimited Domain? If for example my client only has domain.com, then what type of use cases would I use multiple?
0
 
FlippAuthor Commented:
In addition, what considerations do I need to make as far as where to apply a third-party cert? I currently only see OWA being used so am I issuing on Exchange site or Default Site?
0
 
Shack-DaddyCommented:
Just get a single-name cert. You would use multiple if you were running Exchange 2007 or Exchange 2010 and weren't using SBS 2008 or SBS 2011.

Read my notes on enabling FBA--you enable it using the Exchange System Manager -> Server - > Protocols -> HTTP -> Properties.

When I provision a cert I set up a new dummy website in IIS and request it from there. Then when I get the cert back from GoDaddy, I install it on that Dummy site. Then I enable the cert on the Exchange site.
0
 
FlippAuthor Commented:
Cool - so FBA is all set.

I am still a bit stuck on the provisioning the cert thing - setting up a dummy site I suppose works, but I assume there is a general best practice to follow here. Should I provision from Default Site? Issues with doing this?

Have you got any info on the Single vs Multiple I can reference?
0
 
e_aravindConnect With a Mentor Commented:
It shouldn't be a problem

You can generate the cert. request from the Default-web-site to a .cer file
Continue the DWS with the current self-signed one
After receiving the response from the Vendor, assign the same to the DWS
0
 
FlippAuthor Commented:
Sounds good - so once I get it back from Go Daddy, I will assign to DWS, but do I also need to assign to /Exchange directory in IIS?
0
 
Shack-DaddyCommented:
No, you only assign certs to the root web site.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.