Solved

Certificate error accessing OWA internally

Posted on 2012-03-21
6
596 Views
Last Modified: 2012-03-21
Hi Experts
The certificate for my Outlook Web Access contains the server name mail.domain.co.uk.
For external users this works fine.
For internal users, they get a certificate error, which I expect, seeing as they use the server's hostname to connect instead of the external domain name.
Is there any way around this? Can I configure IE8/9 to ignore certificate errors for certain websites?
Using Exchange 2003.
Cheers
0
Comment
Question by:failed
6 Comments
 
LVL 12

Expert Comment

by:DLeaver
ID: 37747775
You would need to implement a SAN certificate (Subject alternative name) that you can then include the alternative names (including the local FQDN and the NetBIOS name, that will stop this issue from occuring

You can get some very reasonably priced ones here

https://certificatesforexchange.com/
0
 
LVL 31

Expert Comment

by:LeeDerbyshire
ID: 37747813
You could try creating an internal DNS record for mail.domain.co.uk (pointing to the internal IP address), so that your internal users can use the same name, but reach the same server.
0
 

Author Comment

by:failed
ID: 37747981
I tried creating an internal DNS record but it appends the record with my domain name, so it still doesn't match the certificate.

I was hoping not to spend any money on this one, so don't want to go for a SAN cert.

It's not a huge issue, as OWA isn't accessed often internally.

Any other ideas?
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 31

Expert Comment

by:LeeDerbyshire
ID: 37748092
It sounds like you tried to create an A record for 'mail.domain.co.uk' inside your DNS lookup zone.  You just need to create a record for 'mail' and point it at your server's internal IP address.
0
 
LVL 26

Accepted Solution

by:
DrDave242 earned 500 total points
ID: 37748104
The only way around this without requesting (and paying for) a new cert is to finagle with your internal DNS.  Instead of just creating a record, though, you need to create a new forward lookup zone named mail.domain.co.uk.  Inside that zone, create a blank host record with the internal IP of the mail server.  Since it's in a new zone, your internal domain name won't get appended to it, and since the zone is named mail.domain.co.uk, you won't have to worry about your internal DNS server thinking it's authoritative for the whole domain.co.uk zone.  It's only slightly kludgy, and it won't cost you a penny.
0
 

Author Closing Comment

by:failed
ID: 37748386
Perfect! Works like a charm.

Thanks
0

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Lotus Notes – formerly IBM Notes – is an email client application, while IBM Domino (earlier Lotus Domino) is an email server. The client possesses a set of features that are even more advanced as compared to that of Outlook. Likewise, IBM Domino is…
This article explains in simple steps how to renew expiring Exchange Server Internal Transport Certificate.
To show how to create a transport rule in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Rules tab.:  To cr…
How to create a custom search shortcut to site-search Experts Exchange using Google in the Firefox browser. This eliminates the need to type out site:experts-exchange.com whenever you want to search the site. Launch your Bookmark Menu: Press 'Ctrl +…

895 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now