HalCHub
asked on
owa cert error
sbs 2011 exchange 2010
I have a self assigned cert for my server and a wildcard cert for my domain.
My server is named x.
When I do https://x I get:
You attempted to reach x, but instead you actually reached a server identifying itself as x.mydomain.local. This may be caused by a misconfiguration on the server or by something more serious. An attacker on your network could be trying to get you to visit a fake (and potentially harmful) version of x.
If I do https://x.mydomain.local I get a 404 error.
ASKER
OK, let's start with the internal self cert.
It's called mydomainall and is a wildcard cert, as *.mydomain.local.
If I want the users to access OWA using webmail.mydomain.local as opposed to x.mydomain.local, I get the cert error.
webmail has a DNS record which points to the same IP as x.
you should move away from using .local in your URLs since a year from now you can't use those certs for those kinds of domains (.local or anything else not public)
ASKER
seth
You're saying I will need to convert my domain from mydomain.local to mydomain.com?
ASKER
You attempted to reach webmail.mydomai.com, but the server presented a certificate issued by an entity that is not trusted by your computer's operating system. This may mean that the server has generated its own security credentials, which Chrome cannot rely on for identity information, or an attacker may be trying to intercept your communications.
webmail is a valid DNS record and I have registered a wildcard cert. Is this an issue with my binding?
The entity which issues the cert is GoDaddy.
You're saying I will need to convert my domain from mydomain.local to mydomain.com?
No.
As I stated in my first post, you change the URLs it advertises as by not using .local.
That way you use the same server names both internally and externally.
The actual server name (mail.company.local) doesn't change, only the URLs that Exchange uses for communication with browsers and clients.
What is the friendly name configured for the website in IIS?
If you are trying to use the same wildcard certificate for multiple sites you should adjust the friendly name to read *.domain.local etc.
So the quick answers are:
1. you will never get https://x simply because your SSL certificate has a FQDN and is configured to respond to "Anything".domain.local
2. I am not sure the config you have that might cause the second error, but I would look at changing the friendly name of the certificate to *.domain.local then trying again.
A little more information would really be helpful here though.
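The name-mismatch warnings quoted in this thread come from the browser comparing the host in the URL with the names on the certificate. The following is an added example, not code from any poster: a small host-name matcher following the RFC 6125 wildcard rules, run over the host names mentioned above. The certificate name lists are assumptions built from those names, and the check covers names only, not issuer trust.

```python
from __future__ import annotations

# Added example: host-name matching only (no chain or issuer-trust checks).

def name_matches(pattern: str, host: str) -> bool:
    """True if one certificate name (CN or SAN dNSName) covers `host`."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False  # a wildcard stands for exactly one label, never zero or two
    if p[0] == "*":
        # Wildcard is honoured only as the whole left-most label; the
        # length guard is a simplification that refuses patterns like "*.local".
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def covering_names(host: str, cert_names: list[str]) -> list[str]:
    """Names on the certificate that would be accepted for `host`."""
    return [n for n in cert_names if name_matches(n, host)]


# Constructed certificates modelled on the thread (name lists are assumed).
CERTS = {
    "server": ["x.mydomain.local"],             # per-server certificate
    "internal-wildcard": ["*.mydomain.local"],  # internal wildcard
    "public-wildcard": ["*.mydomain.com"],      # purchased wildcard
}
HOSTS = ["x", "x.mydomain.local", "webmail.mydomain.local",
         "webmail.mydomain.com", "mydomain.local"]


def report() -> dict[tuple[str, str], bool]:
    """Map (host, certificate label) to whether the name check passes."""
    return {(h, label): bool(covering_names(h, names))
            for h in HOSTS for label, names in CERTS.items()}


if __name__ == "__main__":
    for (host, cert), ok in report().items():
        print(f"{host:26} {cert:18} {'match' if ok else 'NAME MISMATCH'}")
```

A passing name check does not make a certificate trusted: the "issued by an entity that is not trusted" message quoted earlier is a separate failure of chain validation.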