SBS 2003 and SSL OWA problem

Cyb3tT3ch used Ask the Experts™
Dear all

Thanks for a great forum, this is my first article so please be gentle.

Having a few problems with SSL on a client SBS 2003 Server and was hoping to get some much needed help here.

In short, I can’t get SSL working with a self-signed certificate on a Windows 2003 SBS box.


All troubleshooting is done from the localhost only not from an external IP, I can’t even get the "https://localhost/exchange" link to work when SSL is enabled.

When SSL is not ticked under IIS, OWA is working. In other words I get a user authentication screen and can log into the web interface.

When SSL is ticked I do not get any certificate warning or the option to log in. I just get a “Internet Explorer cannot display the webpage” error, check below screen.
Error-OWAHere is what I done so far in trying to troubleshoot the problem:
Reset the default virtual directories according to this article:
Disabled Form based authentication
Removed old certificate’s from the server
Trying to create a new self-signed certificate based on this article
But without success, getting “Failed to Create ‘CerficateAuthority.Request’ object” when running after “Submit a certificate request by using a base-64-encoded CMC”, check below screenError-Cert
Ran MS SSL Diagnostic and getting the following errors, check attachment "SSL_Diag" for full details:
#WARNING: SSL port (SecureBindings) set but certificate not installed
#WARNING:AccessSSL = True (resource inaccessible due to SSL does not work on this website)
#WARNING:AccessSSL128 = True (resource inaccessible due to SSL does not work on this website)
#WARNING: SSL port (SecureBindings) set but certificate not installed
#WARNING:CertVerifyCertificateChainPolicy returned error -2146762487(0x800b0109)
In “SSL_Diag” Actual domain name is replaced with the name: “company_domain”
My certificate knowledge is not strong and I am struggling a bit on what to try next, so any help is appreciated.

Thanks guys
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Try using the tool SelfSSL in the IIS resource kit.  It make the SSL task simple for Exchange 2003.  Hint.  When you make the SSL one of the switches /V is the number of days.  Use something like 3000 to give you many years if you prefer.  Then you won't have to deal with it again.

This page has the walk through
Alan HardistyCo-Owner
Top Expert 2011

As you have SBS - you should only need to run the Connect To The Internet Wizard (not use any SelfSSL tools).

Click on Start> Server Manager> To Do List> Connect to The Internet.  Complete the wizard without changing anything unless you need to create a new correctly named SSL certificate and then test OWA.


Guys thanks for the suggestions.

That worked... Brilliant
I now have another problem though, which I believe is due to IIS authentication, however I will create a new post for that issue.

The Wizard was already run once in the past and the cert was working previously. Running the wizard again would possibly also have solved the issue.
Alan HardistyCo-Owner
Top Expert 2011

Running the wizard - because you have SBS is the correct way to go about fixing SBS.

The Wizard is extremely simple to use and ties all of the elements of SBS together and sets all of the settings correctly.

SBS was designed to be maintained by someone with little knowledge and the Wizards are there to ease the pain of administering it.  Not using them ends up breaking SBS most of the time.

I am glad it worked for you - but you should be using the wizards.  Case in point - You now have an IIS authentication problem which the Wizard would have probably fixed for you too.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial