OWA, SBS2008, no "There is a problem with this website's security certificate." warning when accesing from outside

Posted on 2011-09-13
Last Modified: 2012-05-12
-SBS2008 installation, self issued certificate
-owa, companyweb accesible from inside LAN or via VPN, getting warning prompt about security certificate.

When accesing from outside
accesing via http port 80 works (shows iis homepage)
accesing companyweb via port987 works (with warning prompt as expected)
accesing owa via htpps port 443  - no warning prompt, just  cannot display the webpage, as if there is no certificate - any kind of certificate.
Where to look to "turn on" the certificate for owa when trying to get acces from outside lan?

Question by:mkre03
  • 3
  • 2
  • 2
  • +2
LVL 10

Expert Comment

ID: 36530927
The problem with Self Issued Certificates is that a browser cannot verify it becuase it either does not know or does not trust the certificate authority.

However, it is possible to install the certificate on each computer that has the problem.  It has been a while since I have needed to do this, but you should be able to view the certificate when you get the error message, and then install this on the computer in question.

If you use a lot of certificates it may be easier to install your 'root' server.  You would need to distribute this key to all the relevant computers though.

Sorry the answer is a bit vague.  It has been a couple of years since I last had to deal with digital certificates!
LVL 12

Expert Comment

ID: 36531078
From Exchange Management Shell: get-ExchangeCertificate
To enable a different certificate you will need to make a note of the thumbprint of the certificate you wish to use and then run Enable-ExchangeCertificate -Thumbprint [xxx ... xxx] -Services IIS

Or open IIS > Sites > SBS Web Applications > Properties > Edit Bindings > https (443) > Edit and it will show you which certificate is being used.

Author Comment

ID: 36531278
To JEaston
I don't even get to the point where I'd be able to import/accept the certificate. The behaviour is quite strange: as if the validation doesn't even take place... just: Page cannot be displayed  - but it works within LAN. Thanks for your quick response!
To marcustech
I've seen it I've checked, it its there,  it's self issued and it's valid,
One and the same certificate is user for accesing owa(443) as for accesing companyweb (987), right?

My main question right now is not about the validity or the type of certificate, I'd just like to find out why don't I get the "There is a problem with this website's security certificate." warning when I try to connect to the owa from outside the company, but I get it when I'm inside...

LVL 12

Expert Comment

ID: 36532171
Page cannot be displayed  - but it works within LAN
Page cannot be displayed doesn't normally indicate a certificate problem.  What bits of network do you have between the internet and the server?  Is the firewall on on the server?  I take it that this is the same with all external clients?
What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

LVL 12

Expert Comment

ID: 36532268
Sorry, by 'bits of network' I mean modems, routers, managed switches, firewalls etc.
LVL 56

Accepted Solution

Cliff Galiher earned 250 total points
ID: 36532473
***SBS***  ...use the wizards, use the wizards, use the wizards. The fact that this is working in the LAN and failing when accessing externally shows that your host bindings are all sorts of screwed up.

1) Run the Internet Address Management Wizard and set your host name. This will set appropriate settings in log files, Active Directory, and IIS, as well as create a new self-signed certificate. If you are using PowerShell, you have already gone off the rails.

2) Run the Fix My Network Wizard. This will fix IIS bindings, ensure the certificate is properly attached to IIS *and* Exchange, and ensure OWA is set up properly.

3) Run the SBS Best Practices Analyzer. Fix any remaining issues it reports.


Author Comment

ID: 36532497
The thing is, that we moved the server that was working just fine to a new location, where there was a different internet connection, provided by the same ISP, so I talked to their DNS admins to make the necessary changes - redirect the trafic for the existing domain to different public IP adress, I don't think that this could be the reason for the problem I'm expiriencing.
The only bit of network that is configurable is the router which has the external trafic thru port 443 redirected to internal IP address of the server (same port). Same for ports 987 and 80... but apps that use these ports (iis7web and companyweb) perform well...
LVL 56

Expert Comment

by:Cliff Galiher
ID: 36532611
Except you should *never* see the IIS7 homepage, even on port 80. By default that should be the RWW login/landing page for SBS. Which means IIS is not getting the host header it is expecting and is not sending the RWW redirect from 80 to 443. ...aka....busted host headers and bindings.


Expert Comment

ID: 37960017
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.

Featured Post

Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Local Continuous Replication is a cost effective and quick way of backing up Exchange server data. The following article describes the steps required to configure Local Continuous Replication. Also, the article tells you how to restore from a backup…
This process describes the steps required to Import and Export data from and to .pst files using Exchange 2010. We can use these steps to export data from a user to a .pst file, import data back to the same or a different user, or even import data t…
In this video we show how to create a Shared Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Sha…
In this video we show how to create a Resource Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: Navigate to the Recipients >> Resources tab.: "Recipients" is our default selection …

910 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

25 Experts available now in Live!

Get 1:1 Help Now