Solved

Certificate error accessing OWA internally

Posted on 2012-03-21
Last Modified: 2012-03-21
Hi Experts
The certificate for my Outlook Web Access contains the server name mail.domain.co.uk.
For external users this works fine.
For internal users, they get a certificate error, which I expect, seeing as they use the server's hostname to connect instead of the external domain name.
Is there any way around this? Can I configure IE8/9 to ignore certificate errors for certain websites?
Using Exchange 2003.
Cheers
Question by:failed
6 Comments
 
LVL 12

Expert Comment

by:DLeaver
ID: 37747775
You would need to implement a SAN (Subject Alternative Name) certificate, in which you can then include the alternative names (including the local FQDN and the NetBIOS name); that will stop this issue from occurring.

You can get some very reasonably priced ones here

https://certificatesforexchange.com/
 
LVL 31

Expert Comment

by:LeeDerbyshire
ID: 37747813
You could try creating an internal DNS record for mail.domain.co.uk (pointing to the internal IP address), so that your internal users can use the same name, but reach the same server.
 

Author Comment

by:failed
ID: 37747981
I tried creating an internal DNS record but it appends the record with my domain name, so it still doesn't match the certificate.

I was hoping not to spend any money on this one, so don't want to go for a SAN cert.

It's not a huge issue, as OWA isn't accessed often internally.

Any other ideas?
LVL 31

Expert Comment

by:LeeDerbyshire
ID: 37748092
It sounds like you tried to create an A record for 'mail.domain.co.uk' inside your DNS lookup zone.  You just need to create a record for 'mail' and point it at your server's internal IP address.
 
LVL 26

Accepted Solution

by:
DrDave242 earned 500 total points
ID: 37748104
The only way around this without requesting (and paying for) a new cert is to finagle with your internal DNS.  Instead of just creating a record, though, you need to create a new forward lookup zone named mail.domain.co.uk.  Inside that zone, create a blank host record with the internal IP of the mail server.  Since it's in a new zone, your internal domain name won't get appended to it, and since the zone is named mail.domain.co.uk, you won't have to worry about your internal DNS server thinking it's authoritative for the whole domain.co.uk zone.  It's only slightly kludgy, and it won't cost you a penny.
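The zone-plus-blank-record setup from the accepted solution, scripted with `dnscmd` and checked with `nslookup`, as an added example that is not part of the original thread. The DNS server name `DNS01`, the address `192.0.2.10` and the test name `www.domain.co.uk` are placeholders, and `/DsPrimary` assumes the DNS server is a domain controller.

```bat
@echo off
rem Added example, not from the thread. Run on (or against) the internal DNS server.
rem Placeholders (assumptions): DNS01, 192.0.2.10, www.domain.co.uk.
setlocal
set DNS_SERVER=DNS01
set ZONE=mail.domain.co.uk
set INTERNAL_IP=192.0.2.10

rem 1. Create a forward lookup zone named exactly like the certificate name.
rem    The server becomes authoritative for this one name only, not for
rem    the rest of domain.co.uk.
rem    For a file-backed zone on a non-DC, use instead:
rem      dnscmd %DNS_SERVER% /ZoneAdd %ZONE% /Primary /file %ZONE%.dns
dnscmd %DNS_SERVER% /ZoneAdd %ZONE% /DsPrimary

rem 2. The "blank host record": an A record at the zone apex (@), so the
rem    internal domain suffix is never appended to it.
dnscmd %DNS_SERVER% /RecordAdd %ZONE% @ A %INTERNAL_IP%

rem 3. Confirm the record exists in the new zone.
dnscmd %DNS_SERVER% /EnumRecords %ZONE% @ /Type A

rem 4. Internal clients should now get the internal IP for the name that
rem    is on the certificate.
nslookup %ZONE% %DNS_SERVER%

rem 5. Any other name under domain.co.uk (hypothetical example below) should
rem    still resolve as before, since no domain.co.uk zone was created.
nslookup www.domain.co.uk %DNS_SERVER%

endlocal
```

Clients that looked the name up earlier may need `ipconfig /flushdns` before browsing to https://mail.domain.co.uk internally.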
 

Author Closing Comment

by:failed
ID: 37748386
Perfect! Works like a charm.

Thanks