Server Certificate Creation to remove 'Untrusted Connection'

I just setup an exchange server.  Whenever users attempt to access the exchange server from an outside location not in the LAN, it says:

This Connection is Untrusted
             
          You have asked Firefox to connect
securely to mail.domain.org, but we can't confirm that your connection is secure.
          Normally, when you try to connect securely,
sites will present trusted identification to prove that you are
going to the right place. However, this site's identity can't be verified.
       
       
       
          What Should I Do?
         
            If you usually connect to
this site without problems, this error could mean that someone is
trying to impersonate the site, and you shouldn't continue.
           
         
       
       
       
       
          Technical Details
          mail.domain.org uses an invalid security certificate.

The certificate is not trusted because no issuer chain was provided.
The certificate is only valid for DC1.domain.org

(Error code: sec_error_unknown_issuer)

       
       
       
          I Understand the Risks
         
            If you understand what's going on, you
can tell Firefox to start trusting this site's identification.
Even if you trust the site, this error could mean that someone is
tampering with your connection.
            Don't add an exception unless
you know there's a good reason why this site doesn't use trusted identification.








How can I create a certificate for mail.domain.org that won't show this error.  It seems my certificate is pointing to the domain controllers (dc1.domain.org) and that is why the error is displaying.  I can't seem to see where to put mail.domain.org in for the certificate.
LVL 1
cmb991Asked:
Who is Participating?
 
sihtConnect With a Mentor Commented:
This is probably because you are using a self signed certificate, data transmitted over this connection will still be protected by SSL but you will have this issue every time you connect from a different machine.

If you click "I understand the risks" then the connection should be successful, the untrusted certificate will be installed on the machine and trusted from then on but you will have to repeat the process on each new machine that connects to Exchange. You will probably also have trouble with services like Outlook Anywhere which really does not like self signed certificates.

I have found it much more time efficient and trouble free to purchase a trusted third party certificate, once these are set up you should not need to worry about it untill it is time to renew your SSL cert. The article referenced by simpsol is a good step by step on how to get it going.

I have used ceritficates from godaddy.com in the past, they are about $50 USD per year, below is a link on how to set up a godaddy cert, you wil need to install both the root and intermediate certificates as instructed in the article.

http://help.godaddy.com/topic/742/article/4877

HTH
Simon.
0
 
simpsolCommented:
Below is the link to a step-by-step article which should help you
http://www.petri.co.il/configure_ssl_on_owa.htm

You can also search MSExchange.org for ssl certificate and there are several articles describing various scenario's
0
 
cmb991Author Commented:
Dumb question but all of the articles say "On OWA Server, go to IIS Console.
2.     go to “Propierties” into <Defaul Web Site>.
3.     click on tab “Directory Security”. "


Where is the Directory Security... None the less, Properties in Exchange IIS 6?  I don't see one...
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.