?
Solved

SSL/IIS/Ports Email Strategy

Posted on 2013-01-08
4
Medium Priority
?
271 Views
Last Modified: 2013-03-11
Hi. Got an IIS/ports /gateway issue and not sure whats the best way to deal with this.

On server 2003 I have exchange 2003 its a member server. I need to apply an SSL cert for OWA. However on the same IIS, I have a .net web service web site with its own dedicated IP using port 443 with an SSL certificate. I cannot change this .net web service in any way as it deals with flowing orders to our back end sql server from Internet web shops. Also, I cannot change the default gateway of the server as it would impact the web service. Both of these IIS sites are on a server that connects to the internet and has only one externally facing IP address.

I have tried applying the SSL for OWA but I cannot seem to use 443 - which I need to - as mobile handsets etc require 443  - also I dont want users having to manually input a random port number into browsers etc. (the ssl does work with a random port number but I backed the change out). I just need it to be https://mail.mycompany.com/exchange

The exchange site in IIS uses its own IP address and not 'all unassigned' -I was under the impression that you could use ssl and 443 on separate IP addresses but when we apply it we are getting a certificate error and it seems to be picking up the .net web service ssl cert details. I worked with the SSL provider to verify the implementation - at the end of which I was told that this may be because its all sitting on one single external IP address. Can anyone verify this before I proceed to look at other strategies?

Thanks
0
Comment
Question by:pabby0612
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
4 Comments
 
LVL 19

Expert Comment

by:Kash
ID: 38754022
what kind of certificate do you have installed for your web shop. If its a single SAN certificate then I would be tempted to upgrade it to a mulitple SAN certificate and add corresponding exchange details in for OWA.

you didn't say whether emails are flowing fine or not so I assume they are.

That is one cheap solution I would try.

Also, if we were to go to second IP route, do you have any NIC installed which can have a totally different IP, then you are talking about pointing traffic to relevant ports on the router and things get complicated. Go from simpler checks to the complex ones.
0
 

Author Comment

by:pabby0612
ID: 38763209
Hi,  there are two separate domain names involved here -  the webservice has one totally different to the mail server. Both domain names point to the same external IP address. - which in turn pass traffic (443 for web service and 25 for smtp) to the one single server

I am assuming that the multiple SAN cert relies on the underlying domain name to be the same? I am not sure about this part though...

I could change the mx records so that the mail hits another external IP that I have and gets passed to the mail server. But what happens for outgoing mail - I cannot change the default gateway of the mail server - so email would come in one route and out of another - never done this before - would that work?  can it be done?

thanks
0
 

Accepted Solution

by:
pabby0612 earned 0 total points
ID: 38786328
Hi,

I have found an alternative solution to this issue and the question above is no longer relevant.  Thanks.
0
 

Author Closing Comment

by:pabby0612
ID: 38972980
alternative solution has been found
0

Featured Post

Create the perfect environment for any meeting

You might have a modern environment with all sorts of high-tech equipment, but what makes it worthwhile is how you seamlessly bring together the presentation with audio, video and lighting. The ATEN Control System provides integrated control and system automation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Resolve DNS query failed errors for Exchange
Sometimes clients can lose connectivity with the Lotus Notes Domino Server, but there's not always an obvious answer as to why it happens.   Read this article to follow one of the first experiences I had with Lotus Notes on a client's machine, my…
In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…
To show how to create a transport rule in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Rules tab.:  To cr…
Suggested Courses

764 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question