Solved

SSL/IIS/Ports Email Strategy

Posted on 2013-01-08
4
265 Views
Last Modified: 2013-03-11
Hi. Got an IIS/ports /gateway issue and not sure whats the best way to deal with this.

On server 2003 I have exchange 2003 its a member server. I need to apply an SSL cert for OWA. However on the same IIS, I have a .net web service web site with its own dedicated IP using port 443 with an SSL certificate. I cannot change this .net web service in any way as it deals with flowing orders to our back end sql server from Internet web shops. Also, I cannot change the default gateway of the server as it would impact the web service. Both of these IIS sites are on a server that connects to the internet and has only one externally facing IP address.

I have tried applying the SSL for OWA but I cannot seem to use 443 - which I need to - as mobile handsets etc require 443  - also I dont want users having to manually input a random port number into browsers etc. (the ssl does work with a random port number but I backed the change out). I just need it to be https://mail.mycompany.com/exchange

The exchange site in IIS uses its own IP address and not 'all unassigned' -I was under the impression that you could use ssl and 443 on separate IP addresses but when we apply it we are getting a certificate error and it seems to be picking up the .net web service ssl cert details. I worked with the SSL provider to verify the implementation - at the end of which I was told that this may be because its all sitting on one single external IP address. Can anyone verify this before I proceed to look at other strategies?

Thanks
0
Comment
Question by:pabby0612
  • 3
4 Comments
 
LVL 19

Expert Comment

by:Kash
ID: 38754022
what kind of certificate do you have installed for your web shop. If its a single SAN certificate then I would be tempted to upgrade it to a mulitple SAN certificate and add corresponding exchange details in for OWA.

you didn't say whether emails are flowing fine or not so I assume they are.

That is one cheap solution I would try.

Also, if we were to go to second IP route, do you have any NIC installed which can have a totally different IP, then you are talking about pointing traffic to relevant ports on the router and things get complicated. Go from simpler checks to the complex ones.
0
 

Author Comment

by:pabby0612
ID: 38763209
Hi,  there are two separate domain names involved here -  the webservice has one totally different to the mail server. Both domain names point to the same external IP address. - which in turn pass traffic (443 for web service and 25 for smtp) to the one single server

I am assuming that the multiple SAN cert relies on the underlying domain name to be the same? I am not sure about this part though...

I could change the mx records so that the mail hits another external IP that I have and gets passed to the mail server. But what happens for outgoing mail - I cannot change the default gateway of the mail server - so email would come in one route and out of another - never done this before - would that work?  can it be done?

thanks
0
 

Accepted Solution

by:
pabby0612 earned 0 total points
ID: 38786328
Hi,

I have found an alternative solution to this issue and the question above is no longer relevant.  Thanks.
0
 

Author Closing Comment

by:pabby0612
ID: 38972980
alternative solution has been found
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The new Gmail Phishing Scam going around is surprising even the savviest of users with its sophisticated techniques.
Lease-to-own eliminates the expenditure of hardware replacement and allows you to pay off the server over time. Usually, this is much cheaper than leasing servers. Think of lease-to-own as credit without interest.
Familiarize people with the process of retrieving data from SQL Server using an Access pass-thru query. Microsoft Access is a very powerful client/server development tool. One of the ways that you can retrieve data from a SQL Server is by using a pa…
In this Micro Video tutorial you will learn the basics about Database Availability Groups and How to configure one using a live Exchange Server Environment. The video tutorial explains the basics of the Exchange server Database Availability grou…

697 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question