Server Certificate Creation to remove 'Untrusted Connection'

I just setup an exchange server.  Whenever users attempt to access the exchange server from an outside location not in the LAN, it says:

This Connection is Untrusted
             
          You have asked Firefox to connect
securely to mail.domain.org, but we can't confirm that your connection is secure.
          Normally, when you try to connect securely,
sites will present trusted identification to prove that you are
going to the right place. However, this site's identity can't be verified.
       
       
       
          What Should I Do?
         
            If you usually connect to
this site without problems, this error could mean that someone is
trying to impersonate the site, and you shouldn't continue.
           
         
       
       
       
       
          Technical Details
          mail.domain.org uses an invalid security certificate.

The certificate is not trusted because no issuer chain was provided.
The certificate is only valid for DC1.domain.org

(Error code: sec_error_unknown_issuer)

       
       
       
          I Understand the Risks
         
            If you understand what's going on, you
can tell Firefox to start trusting this site's identification.
Even if you trust the site, this error could mean that someone is
tampering with your connection.
            Don't add an exception unless
you know there's a good reason why this site doesn't use trusted identification.








How can I create a certificate for mail.domain.org that won't show this error.  It seems my certificate is pointing to the domain controllers (dc1.domain.org) and that is why the error is displaying.  I can't seem to see where to put mail.domain.org in for the certificate.
LVL 1
cmb991Asked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

simpsolCommented:
Below is the link to a step-by-step article which should help you
http://www.petri.co.il/configure_ssl_on_owa.htm

You can also search MSExchange.org for ssl certificate and there are several articles describing various scenario's
0
cmb991Author Commented:
Dumb question but all of the articles say "On OWA Server, go to IIS Console.
2.     go to “Propierties” into <Defaul Web Site>.
3.     click on tab “Directory Security”. "


Where is the Directory Security... None the less, Properties in Exchange IIS 6?  I don't see one...
0
sihtCommented:
This is probably because you are using a self signed certificate, data transmitted over this connection will still be protected by SSL but you will have this issue every time you connect from a different machine.

If you click "I understand the risks" then the connection should be successful, the untrusted certificate will be installed on the machine and trusted from then on but you will have to repeat the process on each new machine that connects to Exchange. You will probably also have trouble with services like Outlook Anywhere which really does not like self signed certificates.

I have found it much more time efficient and trouble free to purchase a trusted third party certificate, once these are set up you should not need to worry about it untill it is time to renew your SSL cert. The article referenced by simpsol is a good step by step on how to get it going.

I have used ceritficates from godaddy.com in the past, they are about $50 USD per year, below is a link on how to set up a godaddy cert, you wil need to install both the root and intermediate certificates as instructed in the article.

http://help.godaddy.com/topic/742/article/4877

HTH
Simon.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
SSL / HTTPS

From novice to tech pro — start learning today.