Solved

OWA, SBS2008, no "There is a problem with this website's security certificate." warning when accesing from outside

Posted on 2011-09-13
10
791 Views
Last Modified: 2012-05-12
-SBS2008 installation, self issued certificate
-owa, companyweb accesible from inside LAN or via VPN, getting warning prompt about security certificate.

When accesing from outside
accesing via http port 80 works (shows iis homepage)
accesing companyweb via port987 works (with warning prompt as expected)
accesing owa via htpps port 443  - no warning prompt, just  cannot display the webpage, as if there is no certificate - any kind of certificate.
Where to look to "turn on" the certificate for owa when trying to get acces from outside lan?




0
Comment
Question by:mkre03
  • 3
  • 2
  • 2
  • +2
10 Comments
 
LVL 10

Expert Comment

by:JEaston
ID: 36530927
The problem with Self Issued Certificates is that a browser cannot verify it becuase it either does not know or does not trust the certificate authority.

However, it is possible to install the certificate on each computer that has the problem.  It has been a while since I have needed to do this, but you should be able to view the certificate when you get the error message, and then install this on the computer in question.

If you use a lot of certificates it may be easier to install your 'root' server.  You would need to distribute this key to all the relevant computers though.

Sorry the answer is a bit vague.  It has been a couple of years since I last had to deal with digital certificates!
0
 
LVL 12

Expert Comment

by:marcustech
ID: 36531078
From Exchange Management Shell: get-ExchangeCertificate
To enable a different certificate you will need to make a note of the thumbprint of the certificate you wish to use and then run Enable-ExchangeCertificate -Thumbprint [xxx ... xxx] -Services IIS

Or open IIS > Sites > SBS Web Applications > Properties > Edit Bindings > https (443) > Edit and it will show you which certificate is being used.
0
 

Author Comment

by:mkre03
ID: 36531278
To JEaston
I don't even get to the point where I'd be able to import/accept the certificate. The behaviour is quite strange: as if the validation doesn't even take place... just: Page cannot be displayed  - but it works within LAN. Thanks for your quick response!
 
To marcustech
I've seen it I've checked, it its there,  it's self issued and it's valid,
One and the same certificate is user for accesing owa(443) as for accesing companyweb (987), right?

My main question right now is not about the validity or the type of certificate, I'd just like to find out why don't I get the "There is a problem with this website's security certificate." warning when I try to connect to the owa from outside the company, but I get it when I'm inside...
 

 
0
What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

 
LVL 12

Expert Comment

by:marcustech
ID: 36532171
Page cannot be displayed  - but it works within LAN
Page cannot be displayed doesn't normally indicate a certificate problem.  What bits of network do you have between the internet and the server?  Is the firewall on on the server?  I take it that this is the same with all external clients?
0
 
LVL 12

Expert Comment

by:marcustech
ID: 36532268
Sorry, by 'bits of network' I mean modems, routers, managed switches, firewalls etc.
0
 
LVL 57

Accepted Solution

by:
Cliff Galiher earned 250 total points
ID: 36532473
***SBS***  ...use the wizards, use the wizards, use the wizards. The fact that this is working in the LAN and failing when accessing externally shows that your host bindings are all sorts of screwed up.

1) Run the Internet Address Management Wizard and set your host name. This will set appropriate settings in log files, Active Directory, and IIS, as well as create a new self-signed certificate. If you are using PowerShell, you have already gone off the rails.

2) Run the Fix My Network Wizard. This will fix IIS bindings, ensure the certificate is properly attached to IIS *and* Exchange, and ensure OWA is set up properly.

3) Run the SBS Best Practices Analyzer. Fix any remaining issues it reports.

-Cliff
0
 

Author Comment

by:mkre03
ID: 36532497
The thing is, that we moved the server that was working just fine to a new location, where there was a different internet connection, provided by the same ISP, so I talked to their DNS admins to make the necessary changes - redirect the trafic for the existing domain to different public IP adress, I don't think that this could be the reason for the problem I'm expiriencing.
The only bit of network that is configurable is the router which has the external trafic thru port 443 redirected to internal IP address of the server (same port). Same for ports 987 and 80... but apps that use these ports (iis7web and companyweb) perform well...
0
 
LVL 57

Expert Comment

by:Cliff Galiher
ID: 36532611
Except you should *never* see the IIS7 homepage, even on port 80. By default that should be the RWW login/landing page for SBS. Which means IIS is not getting the host header it is expecting and is not sending the RWW redirect from 80 to 443. ...aka....busted host headers and bindings.

-Cliff
0
 
LVL 6

Expert Comment

by:jaredr80
ID: 37960017
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Marketers need statistics and metrics like everybody else needs oxygen. In this article we explain how to enable marketing campaign statistics for Microsoft Exchange mail.
Following basic email etiquette rules will help you write a professional email and achieve a good, lasting impression with your contacts.
In this video we show how to create a Distribution Group in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >>…
In this video we show how to create an Address List in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Organization >> Ad…

786 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question