OWA, SBS2008, no "There is a problem with this website's security certificate." warning when accesing from outside

-SBS2008 installation, self issued certificate
-owa, companyweb accesible from inside LAN or via VPN, getting warning prompt about security certificate.

When accesing from outside
accesing via http port 80 works (shows iis homepage)
accesing companyweb via port987 works (with warning prompt as expected)
accesing owa via htpps port 443  - no warning prompt, just  cannot display the webpage, as if there is no certificate - any kind of certificate.
Where to look to "turn on" the certificate for owa when trying to get acces from outside lan?




mkre03Asked:
Who is Participating?

Improve company productivity with a Business Account.Sign Up

x
 
Cliff GaliherConnect With a Mentor Commented:
***SBS***  ...use the wizards, use the wizards, use the wizards. The fact that this is working in the LAN and failing when accessing externally shows that your host bindings are all sorts of screwed up.

1) Run the Internet Address Management Wizard and set your host name. This will set appropriate settings in log files, Active Directory, and IIS, as well as create a new self-signed certificate. If you are using PowerShell, you have already gone off the rails.

2) Run the Fix My Network Wizard. This will fix IIS bindings, ensure the certificate is properly attached to IIS *and* Exchange, and ensure OWA is set up properly.

3) Run the SBS Best Practices Analyzer. Fix any remaining issues it reports.

-Cliff
0
 
John EastonDirectorCommented:
The problem with Self Issued Certificates is that a browser cannot verify it becuase it either does not know or does not trust the certificate authority.

However, it is possible to install the certificate on each computer that has the problem.  It has been a while since I have needed to do this, but you should be able to view the certificate when you get the error message, and then install this on the computer in question.

If you use a lot of certificates it may be easier to install your 'root' server.  You would need to distribute this key to all the relevant computers though.

Sorry the answer is a bit vague.  It has been a couple of years since I last had to deal with digital certificates!
0
 
marcustechCommented:
From Exchange Management Shell: get-ExchangeCertificate
To enable a different certificate you will need to make a note of the thumbprint of the certificate you wish to use and then run Enable-ExchangeCertificate -Thumbprint [xxx ... xxx] -Services IIS

Or open IIS > Sites > SBS Web Applications > Properties > Edit Bindings > https (443) > Edit and it will show you which certificate is being used.
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
mkre03Author Commented:
To JEaston
I don't even get to the point where I'd be able to import/accept the certificate. The behaviour is quite strange: as if the validation doesn't even take place... just: Page cannot be displayed  - but it works within LAN. Thanks for your quick response!
 
To marcustech
I've seen it I've checked, it its there,  it's self issued and it's valid,
One and the same certificate is user for accesing owa(443) as for accesing companyweb (987), right?

My main question right now is not about the validity or the type of certificate, I'd just like to find out why don't I get the "There is a problem with this website's security certificate." warning when I try to connect to the owa from outside the company, but I get it when I'm inside...
 

 
0
 
marcustechCommented:
Page cannot be displayed  - but it works within LAN
Page cannot be displayed doesn't normally indicate a certificate problem.  What bits of network do you have between the internet and the server?  Is the firewall on on the server?  I take it that this is the same with all external clients?
0
 
marcustechCommented:
Sorry, by 'bits of network' I mean modems, routers, managed switches, firewalls etc.
0
 
mkre03Author Commented:
The thing is, that we moved the server that was working just fine to a new location, where there was a different internet connection, provided by the same ISP, so I talked to their DNS admins to make the necessary changes - redirect the trafic for the existing domain to different public IP adress, I don't think that this could be the reason for the problem I'm expiriencing.
The only bit of network that is configurable is the router which has the external trafic thru port 443 redirected to internal IP address of the server (same port). Same for ports 987 and 80... but apps that use these ports (iis7web and companyweb) perform well...
0
 
Cliff GaliherCommented:
Except you should *never* see the IIS7 homepage, even on port 80. By default that should be the RWW login/landing page for SBS. Which means IIS is not getting the host header it is expecting and is not sending the RWW redirect from 80 to 443. ...aka....busted host headers and bindings.

-Cliff
0
 
jaredr80Commented:
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.