SSL/IIS/Ports Email Strategy

Hi. Got an IIS/ports /gateway issue and not sure whats the best way to deal with this.

On server 2003 I have exchange 2003 its a member server. I need to apply an SSL cert for OWA. However on the same IIS, I have a .net web service web site with its own dedicated IP using port 443 with an SSL certificate. I cannot change this .net web service in any way as it deals with flowing orders to our back end sql server from Internet web shops. Also, I cannot change the default gateway of the server as it would impact the web service. Both of these IIS sites are on a server that connects to the internet and has only one externally facing IP address.

I have tried applying the SSL for OWA but I cannot seem to use 443 - which I need to - as mobile handsets etc require 443  - also I dont want users having to manually input a random port number into browsers etc. (the ssl does work with a random port number but I backed the change out). I just need it to be https://mail.mycompany.com/exchange

The exchange site in IIS uses its own IP address and not 'all unassigned' -I was under the impression that you could use ssl and 443 on separate IP addresses but when we apply it we are getting a certificate error and it seems to be picking up the .net web service ssl cert details. I worked with the SSL provider to verify the implementation - at the end of which I was told that this may be because its all sitting on one single external IP address. Can anyone verify this before I proceed to look at other strategies?

Thanks
pabby0612Asked:
Who is Participating?
 
pabby0612Author Commented:
Hi,

I have found an alternative solution to this issue and the question above is no longer relevant.  Thanks.
0
 
Kash2nd Line EngineerCommented:
what kind of certificate do you have installed for your web shop. If its a single SAN certificate then I would be tempted to upgrade it to a mulitple SAN certificate and add corresponding exchange details in for OWA.

you didn't say whether emails are flowing fine or not so I assume they are.

That is one cheap solution I would try.

Also, if we were to go to second IP route, do you have any NIC installed which can have a totally different IP, then you are talking about pointing traffic to relevant ports on the router and things get complicated. Go from simpler checks to the complex ones.
0
 
pabby0612Author Commented:
Hi,  there are two separate domain names involved here -  the webservice has one totally different to the mail server. Both domain names point to the same external IP address. - which in turn pass traffic (443 for web service and 25 for smtp) to the one single server

I am assuming that the multiple SAN cert relies on the underlying domain name to be the same? I am not sure about this part though...

I could change the mx records so that the mail hits another external IP that I have and gets passed to the mail server. But what happens for outgoing mail - I cannot change the default gateway of the mail server - so email would come in one route and out of another - never done this before - would that work?  can it be done?

thanks
0
 
pabby0612Author Commented:
alternative solution has been found
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.