Solved

Certificate error accessing OWA internally

Posted on 2012-03-21
Last Modified: 2012-03-21
Hi Experts
The certificate for my Outlook Web Access contains the server name mail.domain.co.uk.
For external users this works fine.
For internal users, they get a certificate error, which I expect, seeing as they use the server's hostname to connect instead of the external domain name.
Is there any way around this? Can I configure IE8/9 to ignore certificate errors for certain websites?
Using Exchange 2003.
Cheers
Question by:failed
6 Comments
 
LVL 12

Expert Comment

by:DLeaver
ID: 37747775
You would need to implement a SAN certificate (Subject Alternative Name) in which you can then include the alternative names (including the local FQDN and the NetBIOS name); that will stop this issue from occurring.

You can get some very reasonably priced ones here

https://certificatesforexchange.com/
0
 
LVL 31

Expert Comment

by:LeeDerbyshire
ID: 37747813
You could try creating an internal DNS record for mail.domain.co.uk (pointing to the internal IP address), so that your internal users can use the same name, but reach the same server.
0
 

Author Comment

by:failed
ID: 37747981
I tried creating an internal DNS record but it appends the record with my domain name, so it still doesn't match the certificate.

I was hoping not to spend any money on this one, so don't want to go for a SAN cert.

It's not a huge issue, as OWA isn't accessed often internally.

Any other ideas?
0

 
LVL 31

Expert Comment

by:LeeDerbyshire
ID: 37748092
It sounds like you tried to create an A record for 'mail.domain.co.uk' inside your DNS lookup zone.  You just need to create a record for 'mail' and point it at your server's internal IP address.
0
 
LVL 26

Accepted Solution

by:
DrDave242 earned 500 total points
ID: 37748104
The only way around this without requesting (and paying for) a new cert is to finagle with your internal DNS.  Instead of just creating a record, though, you need to create a new forward lookup zone named mail.domain.co.uk.  Inside that zone, create a blank host record with the internal IP of the mail server.  Since it's in a new zone, your internal domain name won't get appended to it, and since the zone is named mail.domain.co.uk, you won't have to worry about your internal DNS server thinking it's authoritative for the whole domain.co.uk zone.  It's only slightly kludgy, and it won't cost you a penny.
0
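The three DNS setups discussed in this thread, modelled as an added example (it is not code from any of the posters): a record created inside the internal zone, a zone for the whole public domain, and the zone named mail.domain.co.uk with a blank host record. The internal zone name `corp.local` and the address `192.0.2.10` are constructed placeholders.

```python
# Added example: a model of how a DNS server names host records and picks the
# zone that answers a query. "corp.local" and 192.0.2.10 are constructed values.
INTERNAL_IP = "192.0.2.10"

def owner_fqdn(zone, record):
    """Full name of a host record created inside `zone`. A blank record (or
    '@') is the zone name itself; any other name is relative to the zone."""
    if record in ("", "@"):
        return zone.lower()
    return f"{record}.{zone}".lower()

def answering_zone(zones, qname):
    """Most specific zone this server holds for qname, or None."""
    hits = [z for z in zones if qname == z or qname.endswith("." + z)]
    return max(hits, key=len) if hits else None

def resolve(zones, qname):
    """zones is {zone_name: {record_name: ip}}. Returns the IP, 'NXDOMAIN' when
    the server holds the zone but not the name, or 'forwarded' when it holds
    no matching zone and passes the query on to public DNS."""
    qname = qname.lower().rstrip(".")
    zone = answering_zone(zones, qname)
    if zone is None:
        return "forwarded"
    names = {owner_fqdn(zone, rec): ip for rec, ip in zones[zone].items()}
    return names.get(qname, "NXDOMAIN")

# 1. Record named "mail.domain.co.uk" created inside the internal zone.
RECORD_IN_INTERNAL_ZONE = {"corp.local": {"mail.domain.co.uk": INTERNAL_IP}}
# 2. A zone for the whole public domain holding only a "mail" record.
WHOLE_DOMAIN_ZONE = {"corp.local": {}, "domain.co.uk": {"mail": INTERNAL_IP}}
# 3. The accepted answer: a zone named mail.domain.co.uk with a blank record.
PINPOINT_ZONE = {"corp.local": {}, "mail.domain.co.uk": {"": INTERNAL_IP}}

if __name__ == "__main__":
    for label, zones in [("record in internal zone", RECORD_IN_INTERNAL_ZONE),
                         ("whole-domain zone", WHOLE_DOMAIN_ZONE),
                         ("pinpoint zone", PINPOINT_ZONE)]:
        for qname in ("mail.domain.co.uk", "www.domain.co.uk"):
            print(f"{label:24} {qname:20} -> {resolve(zones, qname)}")
```

Only the third setup returns the internal address for mail.domain.co.uk while leaving every other domain.co.uk name to public DNS, so internal clients reach OWA under the name that is on the certificate.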
 

Author Closing Comment

by:failed
ID: 37748386
Perfect! Works like a charm.

Thanks
0


Question has a verified solution.
