jerseysam

New 3rd Party SSL Certificate Stops OWA and ActiveSync Working

Hi,

I have recently been asked to change the existing self-signed SSL certificate on a server for a 3rd party certificate for compliance reasons.

I have new certificates from www.networksolutions.com.

The existing certificate is for "mail.mydomain.com" issued by "mail.mydomain.com".

My new one is for "mail.mydomain.com" issued by Network Solutions DV Server.

I have installed the 2 other certificates (AddTrustExternalCARoot) and (NetworkSolutionsDVserverCA) to the Intermediate Certification Authorities Certificates using MMC and Certificates, as well as placing the "mail.mydomain.com" certificate into Personal.

However, as soon as I replace my existing self-signed certificate (which all works) with the new NetworkSolutions certificate, OWA and ActiveSync stop working.

What am I missing? Help
Tags: Exchange, SBS, SSL / HTTPS


8/22/2022 - Mon
Chris

What SANs have you included in the certificate?

What services have you attached to the certificate?

Once you have changed it over you can use https://www.testexchangeconnectivity.com/ to check for errors.
jerseysam

ASKER
I only included our "mail.mydomain.com".

How do I attach services etc.?

Shall I post the https://www.testexchangeconnectivity.com/ log?
ASKER CERTIFIED SOLUTION
OriNetworks

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
jerseysam

ASKER
Yes, self-signed was exactly the same (mail.mydomain.com).

How do I install trusted roots on clients and iPhones etc.?
Chris

It depends on how you have your external service configured.

Are OWA and ActiveSync pointed at the same URL, i.e. https://mail.mydomain.com/owa or https://mail.mydomain.com/active-sync?
Chris

To attach services...

http://www.digicert.com/ssl-certificate-installation-microsoft-exchange-2010.htm

Follow the last bit - if you assign IIS then that will cover OWA and ActiveSync.

If you post the log then it might be easier to see where any possible problems are.
jerseysam

ASKER
Exchange 2003 and IIS v6.0, so don't seem to have assign services.
Chris

Ahh sorry, my fault, had assumed 2007 or 2010.

You will probably need to do something in IIS. Let me have a check, it's been a while since I played with 2003.
Chris

jerseysam

ASKER
Yep.

Think I need to create a new CSR request or something?

Seems that OWA works internally on server. iPhones do not work. OWA not working externally.
jerseysam

ASKER
I think the issue is that when I created my CSR I may not have chosen the correct info.

In Exchange my DNS says "mydomain.com" but my FQDN is "servername.mydomain.local".

What info should I use in my CSR? The self-generated certificate that works with iPhones is "servername.mydomain.local".

Help
SOLUTION
Chris

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
jerseysam

ASKER
Yes, I thought internalserver.mydomain.local is what I need, as this works correctly if I use a self-signed and generated SSL certificate.

Will need to create a new CSR and ask the 3rd party to issue a new certificate (if they will for a .local).
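
Added example, not part of the original thread: a name-coverage check for the situation discussed above, where clients may reach the server as either "mail.mydomain.com" or "servername.mydomain.local". The certificate contents are constructed from the names quoted in the posts, the function names are hypothetical, and the wildcard rule (whole leftmost label only, at least two fixed labels after it) is a conservative assumption.

```python
# Added example: which client-facing hostnames does a certificate cover?
# Hostnames reuse the thread's placeholders; certificate contents are constructed.

def _name_match(pattern: str, host: str) -> bool:
    """Match one certificate DNS name against a host, label by label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # Assumption: a wildcard covers exactly one label and must be
        # followed by at least two fixed labels (so "*.com" never matches).
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h

def covered(host, common_name, san_dns):
    """RFC 2818 rule: if SAN dNSName entries exist they are authoritative;
    the subject CN is consulted only when the certificate has none."""
    names = san_dns if san_dns else [common_name]
    return any(_name_match(n, host) for n in names)

def audit(common_name, san_dns, client_hosts):
    """Return {host: covered?} for every name clients use to reach the server."""
    return {h: covered(h, common_name, san_dns) for h in client_hosts}

# Names clients might use, taken from the posts above.
CLIENT_HOSTS = ["mail.mydomain.com", "servername.mydomain.local"]

# Constructed certificate contents (not read from any real certificate).
THIRD_PARTY = {"common_name": "mail.mydomain.com",
               "san_dns": ["mail.mydomain.com"]}
SELF_SIGNED_LOCAL = {"common_name": "servername.mydomain.local",
                     "san_dns": []}

if __name__ == "__main__":
    for label, cert in (("third-party", THIRD_PARTY),
                        ("self-signed", SELF_SIGNED_LOCAL)):
        for host, ok in audit(client_hosts=CLIENT_HOSTS, **cert).items():
            print(f"{label:12} {host:28} {'ok' if ok else 'NAME MISMATCH'}")
```

This checks names only; whether clients trust the issuing chain is a separate question that the check does not answer.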