Solved

Outlook Web Access SSL Certificate

Posted on 2012-04-13
Last Modified: 2012-05-05
A couple of years ago I received some excellent advice from the Experts on how to set up Outlook Web Access in SBS2003 and have set up a number of these.
One issue I’m having difficulty getting my head round is how the SSL Certificates work.
I was advised to always purchase an SSL certificate and did so on my first few OWA installs. Then a colleague told me this was unnecessary as SBS has its own facility to create a Certificate at no cost. So this is how I did them from then on. So what I’m failing to see is what the benefit is of paying money for an SSL certificate. In both the ones I’ve done with and without installing a paid-for certificate, the user performs exactly the same procedures to get to their OWA email, i.e. navigate to say owa.mydomain.com/exchange and, after getting a screen warning that there is a problem with the certificate and it is not recommended to continue, they simply select ‘Continue to this website (not recommended)’ and get to the logon name & password prompt for their email. This to me does not seem particularly secure and I wonder if there is a way of making it more secure?
On a more specific note, I have a current issue with one of my OWA setups whereby after making the usual selection ‘Continue to this website (not recommended)’ I just get a ‘Service Unavailable’ message in big black writing at the top left. Any ideas on how to fault-find this?
0
Question by:laurencoull
11 Comments
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 37841560
The main difference between paid vs self-issued is down to trust (or lack of) for the issuing authority and the admin / graft that has to be done to make things work vs no graft to make things work.

With a self issued certificate, you need to install the certificate on each and every client using RPC over HTTPS and when the cert expires, you need to reinstall the new cert. Fine if you only have 5 users, but a pain for 65.

With a purchased SSL cert, this isn't a problem (unless you choose a random untrusted provider) as the issuing authority is already trusted by the client, so you don't have to install any certs other than on the server.
0
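Added example, not part of the original thread: the trust difference described in the comment above, reproduced offline with `openssl`. Every certificate, the name `owa.example.test` and the two client trust stores are constructed for illustration; the root CA stands in for a commercial issuer.

```bash
#!/usr/bin/env bash
# Added example: every certificate is constructed here; owa.example.test is a placeholder.
set -eu
WORK=$(mktemp -d); trap 'rm -rf "$WORK"' EXIT
CNF="$WORK/req.cnf"   # minimal config so the run does not depend on the system openssl.cnf
printf '[req]\ndistinguished_name=dn\nx509_extensions=v3\n[dn]\nCN=unused\n[v3]\nbasicConstraints=critical,CA:TRUE\n' > "$CNF"

# self_issue <name>: self-issued server certificate, as a server's built-in wizard makes.
self_issue() {
    openssl req -x509 -config "$CNF" -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=owa.example.test" -keyout "$WORK/$1.key" -out "$WORK/$1.crt" 2>/dev/null
}

# ca_issue <name>: server certificate signed by the constructed root CA.
ca_issue() {
    openssl req -config "$CNF" -newkey rsa:2048 -nodes -subj "/CN=owa.example.test" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.csr" 2>/dev/null
    openssl x509 -req -in "$WORK/$1.csr" -CA "$WORK/root.crt" -CAkey "$WORK/root.key" \
        -CAcreateserial -days 30 -out "$WORK/$1.crt" 2>/dev/null
}

# trust_check <store> <cert>: prints "trusted" or "untrusted" for that client's trust store.
trust_check() {
    if openssl verify -CAfile "$WORK/$1.pem" "$WORK/$2.crt" >/dev/null 2>&1
    then echo trusted; else echo untrusted; fi
}

# Root CA standing in for a commercial issuer whose root ships with the client.
openssl req -x509 -config "$CNF" -newkey rsa:2048 -nodes -days 30 \
    -subj "/CN=Constructed Root CA" -keyout "$WORK/root.key" -out "$WORK/root.crt" 2>/dev/null

self_issue self_old; self_issue self_new   # original and renewed self-issued certificates
ca_issue paid_old;   ca_issue paid_new     # original and renewed CA-issued certificates

# client_a: stock trust store (root only). client_b: admin also installed self_old by hand.
cp "$WORK/root.crt" "$WORK/client_a.pem"
cat "$WORK/root.crt" "$WORK/self_old.crt" > "$WORK/client_b.pem"

for store in client_a client_b; do
    for cert in self_old self_new paid_old paid_new; do
        printf '%-9s %-9s %s\n' "$store" "$cert" "$(trust_check "$store" "$cert")"
    done
done
```

The self-issued certificate is trusted only on the client where it was installed by hand, and its renewal is untrusted even there, while both CA-issued certificates validate on every client that already holds the root.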
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 37841565
In terms of your fault - just re-run the connect to the Internet wizard, change nothing and see how the site behaves afterwards.

If still no joy, please advise.
0
 

Author Comment

by:laurencoull
ID: 37844832
Hi Alan
Cheers for your 2 postings:
On your 1st posting:
Makes sense, but only thing I'd say is that I've never had to install the certificate on each client, or indeed on any client, when using a self issued certificate, but have always got it to work. Strange?
On your 2nd posting:
Oh dear...... did so: Got 3 green ticks (Network, Secure website & Email config) & 1 red cross with message 'An error occurred while configuring a component: Firewall configuration'. Tried a second time: Same.
Now on navigating to https://owa.mydomain.com/exchange instead of getting to the Continue to website page then the 'Service Unavailable' after choosing to continue, I don't even get the Continue to website page, I just get an immediate 'Internet Explorer cannot display the webpage'
0

 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 37844997
0
 

Author Comment

by:laurencoull
ID: 37853732
Ok:
Checked that out & the registry key does match the IIS value.
Investigated the suggestion about stopping the Vipre service, however there isn't a Service listed called Vipre
Do you think the fact the Firewall part of the wizard failing is connected to my OWA problem?
Anyhow, I noticed after completing the wizard (as mentioned previously) that instead of getting to the Continue to website page then the 'Service Unavailable' after choosing to continue, I don't even get the Continue to website page, I just get an immediate 'Internet Explorer cannot display the webpage' message
I also noticed that:
The HTTP SSL Service was in a 'Stopping' state
The WWW Publishing Service was in a 'Starting' state
So I re-booted the server
Voila (I thought)..... the Services are all ok & OWA started working again!.... but only for a few hours, then it went back to the original 'Service Unavailable'
Tried running the connect to the Internet wizard again & it failed as before, ie at the Firewall config
And, just exactly as before after running the wizard.............
The HTTP SSL Service has gone into a 'Stopping' state
The WWW Publishing Service has gone into a 'Starting' state
and OWA just returns 'Internet Explorer cannot display the webpage'
I'm willing to bet that if I re-boot again, it will likely start working again but only briefly then go back to its 'Service Unavailable'
What next to try then....................?
0
 
LVL 35

Expert Comment

by:Cris Hanna
ID: 37874501
Is the server you're having issues with, still SBS 2003?
If so, how many NICs in the server and are you running ISA?

If this is a later version, which one?
0
 

Author Comment

by:laurencoull
ID: 37875358
Yes SBS2003.
There are 2 on-board NICs, however the second one is not used and is disabled
No, not running ISA.
0
 
LVL 35

Expert Comment

by:Cris Hanna
ID: 37875857
What is the URL you are using to connect for OWA?
It would be helpful if you did mask these...remember these are on public DNS servers anyway and with enough effort they can be discovered :-)

What are you using for a firewall/router?
0
 

Author Comment

by:laurencoull
ID: 37875928
https://owa.mydomainname/exchange
Using a Cisco PIX501 firewall
I don't think there can be a problem with the external setup side of the OWA, as I say this did used to work and there have been no changes made to the config. And it still does work sporadically, so I'm more inclined to think the issue's with the server side.
0
 
LVL 35

Accepted Solution

by:
Cris Hanna earned 2000 total points
ID: 37876138
You should run the SBS 2003 BPA and consider re-running the Connect to email and internet wizard

Also verify the Exchange site in IIS is running on .NET 1.1 and not 2.0 (or other higher version)
0
