Solved

SSL/IIS/Ports Email Strategy

Posted on 2013-01-08
4
254 Views
Last Modified: 2013-03-11
Hi. Got an IIS/ports /gateway issue and not sure whats the best way to deal with this.

On server 2003 I have exchange 2003 its a member server. I need to apply an SSL cert for OWA. However on the same IIS, I have a .net web service web site with its own dedicated IP using port 443 with an SSL certificate. I cannot change this .net web service in any way as it deals with flowing orders to our back end sql server from Internet web shops. Also, I cannot change the default gateway of the server as it would impact the web service. Both of these IIS sites are on a server that connects to the internet and has only one externally facing IP address.

I have tried applying the SSL for OWA but I cannot seem to use 443 - which I need to - as mobile handsets etc require 443  - also I dont want users having to manually input a random port number into browsers etc. (the ssl does work with a random port number but I backed the change out). I just need it to be https://mail.mycompany.com/exchange

The exchange site in IIS uses its own IP address and not 'all unassigned' -I was under the impression that you could use ssl and 443 on separate IP addresses but when we apply it we are getting a certificate error and it seems to be picking up the .net web service ssl cert details. I worked with the SSL provider to verify the implementation - at the end of which I was told that this may be because its all sitting on one single external IP address. Can anyone verify this before I proceed to look at other strategies?

Thanks
0
Comment
Question by:pabby0612
  • 3
4 Comments
 
LVL 19

Expert Comment

by:Kash
Comment Utility
what kind of certificate do you have installed for your web shop. If its a single SAN certificate then I would be tempted to upgrade it to a mulitple SAN certificate and add corresponding exchange details in for OWA.

you didn't say whether emails are flowing fine or not so I assume they are.

That is one cheap solution I would try.

Also, if we were to go to second IP route, do you have any NIC installed which can have a totally different IP, then you are talking about pointing traffic to relevant ports on the router and things get complicated. Go from simpler checks to the complex ones.
0
 

Author Comment

by:pabby0612
Comment Utility
Hi,  there are two separate domain names involved here -  the webservice has one totally different to the mail server. Both domain names point to the same external IP address. - which in turn pass traffic (443 for web service and 25 for smtp) to the one single server

I am assuming that the multiple SAN cert relies on the underlying domain name to be the same? I am not sure about this part though...

I could change the mx records so that the mail hits another external IP that I have and gets passed to the mail server. But what happens for outgoing mail - I cannot change the default gateway of the mail server - so email would come in one route and out of another - never done this before - would that work?  can it be done?

thanks
0
 

Accepted Solution

by:
pabby0612 earned 0 total points
Comment Utility
Hi,

I have found an alternative solution to this issue and the question above is no longer relevant.  Thanks.
0
 

Author Closing Comment

by:pabby0612
Comment Utility
alternative solution has been found
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

When it comes to showing a 404 error page to your visitors, you do not want that generic page to show, and you especially do not want your hosting provider’s ad error page to show either. In this article, I will show you how to enable the custom 40…
Workplace bullying has increased with the use of email and social media. Retain evidence of this with email archiving to protect your employees.
In this video we show how to create a Distribution Group in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >>…
In this video we show how to create a mailbox database in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Servers >> Data…

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now