SooHow Cheng asked:

Why https doesn't work on Exchange OWA URL?

This is using MS Exchange Server 2019. We are using an MS Certificate Service SSL cert. We have already imported this CA into the Trusted Root Certificate Authorities folder for all of the users using GPO. However, when users browse to the OWA URL, they can connect this OWA URL with https, rather, they have to choose "advanced" and choose the http. Please see the attached ssl error.JPG.

Do we have to do something on IIS? How do we get this fixed? This SSL cert is shown as valid in the EAC.


Thanks,

ASKER CERTIFIED SOLUTION
Seth Simmons

This solution is only available to members.

It looks like a SELF Signed certificate.

The issue is that you need to purchase one from a trusted Certificate Authority.

If you bought it, then follow @seth's instructions. If it's a self-signed certificate, buy one from Namecheap or any other ssl.

* Basically you need 2 names, "mail.domain.com" and "autodiscover.domain.com"; the "domain.com" part is your domain.

And don't forget to attach the services once you do that.

On Exchange PS:
Enable-ExchangeCertificate -thumbprint XXXXXXXX -services IIS,SMTP
and make sure all sites in IIS are using the same site.

And if you haven't, configure all service points on Exchange 2019 to match the SSL in the certificate.

As commented above you need a 3rd party certificate.
Buy a cheap certificate from Namecheap and install it.
Create a CSR using this tool and install it.
Easy-CSR-Creation-and-Installation-of-certificate-in-Exchange-2007-2010-2013-2016-and-2019

skullnobrains

seth is correct in incriminating the signature algorithm based on the very explicit error message. i am unsure how he inferred you were using sha1, though.

obviously you can rely on your own ca to handle the certs.

SooHow Cheng

ASKER

Sorry for the late reply

Hi Seth,

I will follow the steps and do it tomorrow. I will update you about the status.

Hi M A,

Thanks for sharing the CSR Creation tool.

Hi Jose,

Thanks for the suggestion

Hi skullnobrains,

Thanks.

Hi Seth,

We managed to update the CA to SHA 256. However, we still see the same error while accessing the OWA in https, as the SSL cert is still in sha1. We believe this is because at the time this cert was generated, the CA was still in sha1.

Does this mean that we have to renew the SSL cert?

yes. anyway the cert likely became invalid if you changed the ca's

Hi Skullnobrains,

Noted
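
The point the thread ends on, that a certificate keeps the signature hash it was issued with even after the CA moves to SHA-256, shown as an added PowerShell example (not code from any poster). The function name `Get-CertSignatureReport`, the CA name and the in-memory certificates are constructed for illustration; on a server, pipe `Get-ChildItem Cert:\LocalMachine\My` into the function instead.

```powershell
using namespace System.Security.Cryptography
using namespace System.Security.Cryptography.X509Certificates

# Signature-algorithm OIDs based on MD5 or SHA-1.
$WeakSigOids = @{
    '1.2.840.113549.1.1.4' = 'md5WithRSAEncryption'
    '1.2.840.113549.1.1.5' = 'sha1WithRSAEncryption'
    '1.2.840.10045.4.1'    = 'ecdsa-with-SHA1'
}

# Hypothetical helper (added example): one report row per certificate.
function Get-CertSignatureReport {
    param([Parameter(Mandatory, ValueFromPipeline)][X509Certificate2]$Certificate)
    process {
        [pscustomobject]@{
            Subject       = $Certificate.Subject
            Issuer        = $Certificate.Issuer
            Algorithm     = $Certificate.SignatureAlgorithm.FriendlyName
            SelfSigned    = $Certificate.Subject -eq $Certificate.Issuer
            # The hash is fixed when the certificate is signed, so this stays
            # true until the certificate itself is reissued.
            WeakSignature = $WeakSigOids.ContainsKey($Certificate.SignatureAlgorithm.Value)
        }
    }
}

# Constructed sample: an in-memory CA issues the same name twice, once with
# SHA-1 (before the CA change) and once with SHA-256 (the renewal).
$now   = [DateTimeOffset]::UtcNow
$caReq = [CertificateRequest]::new('CN=Example Internal CA', [RSA]::Create(2048),
            [HashAlgorithmName]::SHA256, [RSASignaturePadding]::Pkcs1)
$caReq.CertificateExtensions.Add([X509BasicConstraintsExtension]::new($true, $false, 0, $true))
$ca = $caReq.CreateSelfSigned($now.AddDays(-1), $now.AddDays(365))

function New-SampleLeaf([HashAlgorithmName]$Hash, [byte]$Serial) {
    $req = [CertificateRequest]::new('CN=mail.domain.com', [RSA]::Create(2048),
              $Hash, [RSASignaturePadding]::Pkcs1)
    # The issuing CA signs with the hash named in the request.
    $req.Create($ca, $now, $now.AddDays(30), [byte[]]@($Serial))
}

$old = New-SampleLeaf ([HashAlgorithmName]::SHA1) 1
$new = New-SampleLeaf ([HashAlgorithmName]::SHA256) 2
$ca, $old, $new | Get-CertSignatureReport |
    Format-Table Subject, Algorithm, SelfSigned, WeakSignature
```

Only the certificate issued with SHA-1 is reported with `WeakSignature` set, even though the CA certificate in the sample is SHA-256.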