Solved

Certificate error accessing OWA internally

Posted on 2012-03-21
6
597 Views
Last Modified: 2012-03-21
Hi Experts
The certificate for my Outlook Web Access contains the server name mail.domain.co.uk.
For external users this works fine.
For internal users, they get a certificate error, which I expect, seeing as they use the server's hostname to connect instead of the external domain name.
Is there any way around this? Can I configure IE8/9 to ignore certificate errors for certain websites?
Using Exchange 2003.
Cheers
0
Comment
Question by:failed
6 Comments
 
LVL 12

Expert Comment

by:DLeaver
ID: 37747775
You would need to implement a SAN certificate (Subject alternative name) that you can then include the alternative names (including the local FQDN and the NetBIOS name, that will stop this issue from occuring

You can get some very reasonably priced ones here

https://certificatesforexchange.com/
0
 
LVL 31

Expert Comment

by:LeeDerbyshire
ID: 37747813
You could try creating an internal DNS record for mail.domain.co.uk (pointing to the internal IP address), so that your internal users can use the same name, but reach the same server.
0
 

Author Comment

by:failed
ID: 37747981
I tried creating an internal DNS record but it appends the record with my domain name, so it still doesn't match the certificate.

I was hoping not to spend any money on this one, so don't want to go for a SAN cert.

It's not a huge issue, as OWA isn't accessed often internally.

Any other ideas?
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
LVL 31

Expert Comment

by:LeeDerbyshire
ID: 37748092
It sounds like you tried to create an A record for 'mail.domain.co.uk' inside your DNS lookup zone.  You just need to create a record for 'mail' and point it at your server's internal IP address.
0
 
LVL 26

Accepted Solution

by:
DrDave242 earned 500 total points
ID: 37748104
The only way around this without requesting (and paying for) a new cert is to finagle with your internal DNS.  Instead of just creating a record, though, you need to create a new forward lookup zone named mail.domain.co.uk.  Inside that zone, create a blank host record with the internal IP of the mail server.  Since it's in a new zone, your internal domain name won't get appended to it, and since the zone is named mail.domain.co.uk, you won't have to worry about your internal DNS server thinking it's authoritative for the whole domain.co.uk zone.  It's only slightly kludgy, and it won't cost you a penny.
0
 

Author Closing Comment

by:failed
ID: 37748386
Perfect! Works like a charm.

Thanks
0

Featured Post

VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

We are happy to announce a brand new addition to our line of acclaimed email signature management products – CodeTwo Email Signatures for Office 365.
MS Outlook is a world-class email client application that is mainly used for e-communication globally.  In this article, we will discuss the basic idea about MS Outlook, its advanced features, and types of MS Outlook File formats.
In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…
This video discusses moving either the default database or any database to a new volume.

773 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question