Solved

SSL/IIS/Ports Email Strategy

Posted on 2013-01-08
Last Modified: 2013-03-11
Hi. Got an IIS/ports/gateway issue and not sure what's the best way to deal with this.

On Server 2003 I have Exchange 2003; it's a member server. I need to apply an SSL cert for OWA. However, on the same IIS, I have a .NET web service web site with its own dedicated IP using port 443 with an SSL certificate. I cannot change this .NET web service in any way as it deals with flowing orders to our back end SQL server from Internet web shops. Also, I cannot change the default gateway of the server as it would impact the web service. Both of these IIS sites are on a server that connects to the internet and has only one externally facing IP address.

I have tried applying the SSL for OWA but I cannot seem to use 443 - which I need to - as mobile handsets etc. require 443 - also I don't want users having to manually input a random port number into browsers etc. (the SSL does work with a random port number but I backed the change out). I just need it to be https://mail.mycompany.com/exchange

The Exchange site in IIS uses its own IP address and not 'all unassigned' - I was under the impression that you could use SSL and 443 on separate IP addresses, but when we apply it we are getting a certificate error and it seems to be picking up the .NET web service SSL cert details. I worked with the SSL provider to verify the implementation - at the end of which I was told that this may be because it's all sitting on one single external IP address. Can anyone verify this before I proceed to look at other strategies?

Thanks
Question by:pabby0612
4 Comments

Expert Comment

by:Kash
ID: 38754022
What kind of certificate do you have installed for your web shop? If it's a single SAN certificate then I would be tempted to upgrade it to a multiple SAN certificate and add corresponding Exchange details in for OWA.

You didn't say whether emails are flowing fine or not so I assume they are.

That is one cheap solution I would try.

Also, if we were to go the second IP route, do you have any NIC installed which can have a totally different IP? Then you are talking about pointing traffic to relevant ports on the router and things get complicated. Go from simpler checks to the complex ones.
Author Comment

by:pabby0612
ID: 38763209
Hi, there are two separate domain names involved here - the web service has one totally different to the mail server. Both domain names point to the same external IP address, which in turn passes traffic (443 for web service and 25 for SMTP) to the one single server.

I am assuming that the multiple SAN cert relies on the underlying domain name to be the same? I am not sure about this part though...

I could change the MX records so that the mail hits another external IP that I have and gets passed to the mail server. But what happens for outgoing mail - I cannot change the default gateway of the mail server - so email would come in one route and out of another - never done this before - would that work? Can it be done?

thanks
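
The certificate behaviour discussed in the question and the comments above can be modelled offline. This is an added example, not code or configuration from the thread: the IP addresses and the web service hostname are constructed placeholders, and the model assumes no SNI (as on IIS 6) and that external port 443 is forwarded to the web service site. It also shows that SAN entries on one certificate are independent DNS names and do not have to share a domain.

```python
# Added example: constructed model, not code or config from the thread.
# All IPs and the web-service hostname are placeholders (assumptions).
from dataclasses import dataclass

@dataclass(frozen=True)
class Cert:
    dns_names: tuple  # subjectAltName DNS entries

def name_matches(pattern: str, host: str) -> bool:
    """Exact match, or one '*' standing in for the whole leftmost label."""
    p, h = pattern.lower().split("."), host.lower().split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def served_cert(nat, bindings, external_ip, port=443):
    """Without SNI the certificate is chosen by destination IP:port alone;
    the hostname the client typed is not available at handshake time."""
    return bindings[(nat[(external_ip, port)], port)]

def client_accepts(dns, nat, bindings, host) -> bool:
    cert = served_cert(nat, bindings, dns[host])
    return any(name_matches(n, host) for n in cert.dns_names)

SHOP, MAIL = "orders.webshop.example", "mail.mycompany.com"
SHOP_CERT, MAIL_CERT = Cert((SHOP,)), Cert((MAIL,))
BINDINGS = {("10.0.0.11", 443): SHOP_CERT, ("10.0.0.12", 443): MAIL_CERT}

# As described: both names resolve to one external IP, 443 goes to the web service.
DNS_ONE_IP = {SHOP: "203.0.113.10", MAIL: "203.0.113.10"}
NAT_ONE_IP = {("203.0.113.10", 443): "10.0.0.11"}

# Option A: one certificate listing both (unrelated) names on the forwarded site.
SAN_BINDINGS = {("10.0.0.11", 443): Cert((SHOP, MAIL))}

# Option B: a second external IP forwarded to the OWA site's own internal IP.
DNS_TWO_IP = {SHOP: "203.0.113.10", MAIL: "203.0.113.20"}
NAT_TWO_IP = {("203.0.113.10", 443): "10.0.0.11", ("203.0.113.20", 443): "10.0.0.12"}

def report():
    cases = {"one IP": (DNS_ONE_IP, NAT_ONE_IP, BINDINGS),
             "one IP + SAN cert": (DNS_ONE_IP, NAT_ONE_IP, SAN_BINDINGS),
             "two IPs": (DNS_TWO_IP, NAT_TWO_IP, BINDINGS)}
    return {label: {h: client_accepts(d, n, b, h) for h in (SHOP, MAIL)}
            for label, (d, n, b) in cases.items()}

if __name__ == "__main__":
    for label, result in report().items():
        print(label, result)
```

Option A only settles the certificate name check in this model; requests for both names still arrive at the same forwarded site.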
Accepted Solution

by:pabby0612
ID: 38786328
Hi,

I have found an alternative solution to this issue and the question above is no longer relevant.  Thanks.
Author Closing Comment

by:pabby0612
ID: 38972980
Alternative solution has been found.