Managing Active Directory can get complicated. Often, the native tools for managing AD are just not up to the task. The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.
Course Of The Month
Become a Premium Member and unlock a new, free course in leading technologies each month.
Solved
New 3rd Party SSL Certificate Stops OWA and Activesync working
Posted on 2013-01-07
Hi,
I have recently been asked to change the exisiting self-signed SSL Certificate on a server for a 3rd party Certificate for compliance reasons.
I have new certificates from www.networksolutions.com.
The exisiting certificate is for "mail.mydomain.com" issued by "mail.mydomain.com"
My new one if for "mail.mydomain.com" issued by Network Solutions DV Server.
I have installed the 2 other certificates (AddTrustExternalCARoot) and (NetworkSolutionsDVserverC
However, as soon as i replace my existing self-signed certificate (which all works) with the new NetworkSolutions Certificate, OWA and Activesync stop working.
What am I missing? Help
I have recently been asked to change the exisiting self-signed SSL Certificate on a server for a 3rd party Certificate for compliance reasons.
I have new certificates from www.networksolutions.com.
The exisiting certificate is for "mail.mydomain.com" issued by "mail.mydomain.com"
My new one if for "mail.mydomain.com" issued by Network Solutions DV Server.
I have installed the 2 other certificates (AddTrustExternalCARoot) and (NetworkSolutionsDVserverC
However, as soon as i replace my existing self-signed certificate (which all works) with the new NetworkSolutions Certificate, OWA and Activesync stop working.
What am I missing? Help
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
6-
6
13 Comments
Active today
what SAN's have you included in the certificate
what services have you attached to the certificate
once you have changed it over you can use https://www.testexchangeconnectivity.com/
to check for errors
what services have you attached to the certificate
once you have changed it over you can use https://www.testexchangeconnectivity.com/
to check for errors
I only included our "mail.mydomain.com"
how do i attach services etc?
Shall i post the https://www.testexchangeconnectivity.com/ log?
how do i attach services etc?
Shall i post the https://www.testexchangeconnectivity.com/ log?
Was the self-signed cert also for mail.mydomain.com or simply mailservername? You may need to install any trusted roots that are not currently on your clients.
Yes self-signed was exactly same (mail.mydomain.com).
How do i install trusted roots on clients and iphones etc?
How do i install trusted roots on clients and iphones etc?
Active today
it depends on how you have your external service configured
is OWA and Active Sync pointed at the same url i.e. https://mail.mydomain.com/owa or
https://mail.mydomain.com/active-sync
is OWA and Active Sync pointed at the same url i.e. https://mail.mydomain.com/owa or
https://mail.mydomain.com/active-sync
Active today
to attach services...
http://www.digicert.com/ssl-certificate-installation-microsoft-exchange-2010.htm
follow the last bit - if you assign IIS then that will cover OWA and Active Sync
if you post the log then it might be easier to see where any possible problems are
http://www.digicert.com/ssl-certificate-installation-microsoft-exchange-2010.htm
follow the last bit - if you assign IIS then that will cover OWA and Active Sync
if you post the log then it might be easier to see where any possible problems are
Active today
ahh sorry, my fault had assumed 2007 or 2010
you will probably need to do something in IIS, let me have a check its been a while since i played with 2003
you will probably need to do something in IIS, let me have a check its been a while since i played with 2003
Yep.
think i need to create a new CRS request or somehting?
Seems that OWA works internally on server. Iphones do not work. OWA not working externally
think i need to create a new CRS request or somehting?
Seems that OWA works internally on server. Iphones do not work. OWA not working externally
I think the issue is that when i created my CRS then i may not have chosen the correct info.
In exchange my DNS says "mydomain.com" but my FQDN is "servername.mydomain.local
What info should i use in my CRS? The self-generated certificate that works with iphones is "servername.mydomain.local
Help
In exchange my DNS says "mydomain.com" but my FQDN is "servername.mydomain.local
What info should i use in my CRS? The self-generated certificate that works with iphones is "servername.mydomain.local
Help
Active today
for your certificate it should contain
external server fqdn i.e. owa.yourexteranldomain.com
as you are attaching this to your IIS service on exchange for owa you either need to include at least the following as well
internalserver.mydomain.lo
netbios name
autodiscover
external server fqdn i.e. owa.yourexteranldomain.com
as you are attaching this to your IIS service on exchange for owa you either need to include at least the following as well
internalserver.mydomain.lo
netbios name
autodiscover
Featured Post
If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
In-place Upgrading Dirsync to Azure AD Connect
A couple of months ago we ran into an issue that necessitated re-creating our Edge Subscriptions. However, when we attempted to execute the command: New-EdgeSubscription -filename C:\NewEdgeSub_01.xml we received an error indicating that the LDAP se…
In this video we show how to create a Shared Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center.
Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center.
Navigate to the Recipients >> Sha…
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center.
Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center.
Navigate to the Servers >> Certificates…
Suggested Courses
Earn Certification
HTML5 Specialist - Certification
Free withPremium
Course of the Month6 days, 7 hours left to enroll
636 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.