Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1256
  • Last Modified:

Self Signed Certificate for Default Web Site in IIS6

The certificate for my SBS2003 server expired not too long ago so I decided to create a new self signed certificate to replace it and also to utilize Outlook Anywhere (RPCoverHTTP) for my clients.  Everything seemed to fine, including Outlook Anywhere, after creating the certificate and replacing it in Default Web Site in IIS6.  And just for more details I used the FQDN, example.domain.com.  

Now this is where I noticed an issue.  Under the Default Web Site in IIS6 I have the virtual directories for Exchange (Outlook Web Access) and Remote (for Remote Web Workplace) and also Exadmin and Exchange-oma (for mobile access).  What happens now is that when I open Exchange System Manager and try to browse my 'Public Folders' I receive the error:  

The SSL certificate server name is incorrect.
ID no: c103b404 Exchange System Manager.

I thought that this could be an easy fix by removing the 'Require secure channel (SSL) option from within the Exadmin virtual directory under Default Web Site, but even after doing that and restarting IIS I still get the same error when browsing my public folders within Exchange System Manager.  The only thing I have found to fix this is to create a new self signed certificate with the FQDN including the SBS hostname: server.example.domain.com, instead of just example.domain.com.  But if I replace the certificate for the Default Web Site with this new certificate with the hostname my Outlook Web Access and Remote Web Workplace website will no longer function.  

So my question is how do I get the Default Web Site self signed certificate to work with all virtual directories that are under the Default Web Site in IIS6?  Am I using the wrong FQDN in my certificate when I create it?  Or is there something else I am simply overlooking.  Any help with this is appreciated as always.
0
ColumbiaMarketing
Asked:
ColumbiaMarketing
1 Solution
 
ColumbiaMarketingAuthor Commented:
So after troubleshooting again I have found the solution that worked for my situation.  Basically, I had to follow these directions to clear the port 443 binding from the Exadmin virtual directory in IIS with ADSIedit:

http://www.roachy.net/the-ssl-certificate-server-name-is-incorrect-id-no-c103b404/

And you also need to disable the "Require secure channel (SSL)" option on the Exadmin virtual directory in IIS as well.  Once I made both of these changes I was then able to browse my Public Folders in Exchange System Manager and also utilize my certificate for Outlook Anywhere.  

I would also like to mention that this solution seems appropriate for an SBS environment where there is only one Exchange server.  This may not be the right option if you are using two servers (front end/back end) and require SSL for security.
0

Featured Post

Who's Defending Your Organization from Threats?

Protecting against advanced threats requires an IT dream team – a well-oiled machine of people and solutions working together to defend your organization. Download our resource kit today to learn more about the tools you need to build you IT Dream Team!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now