Exchange 2010 HTTPS issues...communications issues started on the same day with various services we use internally and externally:

** OWA Seems to be working normally again. [OWA - login page shows secured, but after login, address bar shows only partially protected or not protected at all.]

Shoretel/Mitel phone client - shows error message at bottom of client application. Cannot connect to Exchange server "email.domain.com".

Outlook 2013 client Out of Office - does not work. "Server is unavailable".

3 MAC Sierra users - cannot connect to server errors when using either Outlook 2016 or Apple Mail.

Mail archiving system - Exchange mailbox archiving jobs failing. Varying messages from logs show "The remote server returned an error: (503) Server Unavailable", "Microsoft Exchange Server returned an unexpected HTTP error code (EWS 503)", "The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel",  "The remote certificate is invalid according to the validation procedure", “Unable to connect to Microsoft Exchange Server. Details: The SSL/TLS certificate verification failed.” or “While logging on to the Exchange Server, an unexpected status code (302) was returned”

Cannot ping "email.domain.com" or "autodiscover.domain.com". ICMP fails on both.

Also, Exchange server has a third party extended validation certificate that is valid until 2019 and has IMAP, POP and IIS services assigned to it. Outlook Anywhere works …

Binding new SSL certificate to WServer 2012 problem.
I built the request per:
https://www.digicert.com/util/csr-creation-microsoft-servers-using-digicert-utility.htm.  Handed the request off to our infrastructure team where they purchased the new SSL.  The Team has sent me the new SSL certificates where I renamed appropriately from a .txt extension to a .cer externsion.

I have two test servers (and two prod servers)I need to update the SSL certificates for.   I have followed the steps outlined in this document for installing the SSL certificate:
https://support.comodo.com/index.php?/Knowledgebase/Article/View/1159/37/certificate-installation-microsoft-iis-8x


I can see on the server IIS where the certificate has been updated to 10/9/2020 in the Server Certificates; however, if I look under the padlock on the client's URL, the expiry date is still set for:  10/24/2018.  How do I propagate this out to the client?  This is the first time I've done this, and I have four 2012 servers to update ASAP.  Any guidance would be appreciated.

set up plesk with ssl but won't automatically  display https:

3rd party SSL install on Windows server 2012 to enable LDAPS

Hello experts,

So I need to install an godaddy  SSL cert on my Windows server to enable LDAPS. I was about to purchase the cert when the godaddy rep told me that SSL certs can't be installed on .local domain (mycompany.local) anymore, apparently it was possible years ago.

He told me the work around is to bind teh fqdn to the DC by creating a .local sub domain in a public domain... From what I understood I need to create a .local subdomain in my companies public domain (local.publicdomain.com). I get that part, what I'm confused with is the binding of the DC to the subdomain. Does it mean creating a dns zone for the subdomain and creating a record?

The other solution would've been to have my internal domain with something other than .local but it's a production environment and can't change that.

So can anyone please shed some light on the binding part? Also, I am correct on my assumption of creating a .local sub-domain in my public domain?

Thanks in advanced.

security scan finding: "SSL Medium Strength Cipher Suites Supported (42873)" error on 2012 R2 / Win10 seems to be port 3389/TCP.

I've seen a solution using https://www.nartac.com/Products/IISCrypto/ but I have a secure environment and I'm not sure about using this product.
I've enabled the GPO 'SSL Cipher Suite Order' setting in admin templates / network which doesn't seem to have anything below 112bits and I've removed DES and 3DES.
is there a another or manual fix for this?

thanks

Does trusted email domain require its own ssl cert on the exchange server?

- Domain A has been set up and working for years
- Domain B as a re-brand effort was added to Exchange 2010.
- All emails still route to the server name for Domain A [mail.domaina.com]
- Receiving certificate issues and warnings when loading Outlook into the new email address for Domain B.
- A portion of Sent emails are being bounced or captured in external recipient's junk/ spam.
- I'm assuming a certificate needs to be installed.

Can I add a certificate for the trusted domain to this server to resolve the cert warnings?

I am hosting a couple of web sites on couple Linux boxes and OWA on a Windows box in my office. Currently http is forwarded to Host_W and https is forwarded to Host_M.  Host_W serves pages for www.site-m.biz, www.site-d.net, and www.site-f.com while it forwards requests for host_l.site-s.org and www.site-s.org to Host_L. The current structure looks like this:
 

What I want to do is forward both http and https to Host_W while serving the same three sites and forward https requests for mail.site-m.biz to Host_M and requests for site-s.org to Host_L. The structure would look something like:


 I have attached sanitized copies of what I think are the relevant config files.
 
The port forward is not a problem, simple change on the firewall. Installing Let's Encrypt certificate on both Nginx and Apache2 are heavily documented and a Godaddy certificate for mail.site-m.biz is already installed on Host-M.

What I don't have a handle on is the changes needed on the Apache2 on Host_W. I think it would be just to add something to the site-m.biz.conf like (and something similar to site-l.org.conf):

<VirtualHost *:443>
        ServerName mail.site-m.biz

        SSLEngine On
        SSLProxyEngine On
        ProxyRequests Off
        SSLProxyCheckPeerCN off
        SSLProxyCheckPeerName off
        SSLProxyCheckPeerExpire off
        SSLInsecureRenegotiation on
        SSLProxyVerify none
        SSLVerifyClient none
     

Select all Open in new window

…

Hi guys

How do you give someone the private key for the SSL certificate but un-encrypted? I don't get what they are saying.

I've got a Windows 2008 R2 web server that I created the CSR onto. Then I got the certificate from the provider and have applied the certificate to this to complete the request.

My colleague needs the private key. I exported it as a .PFX file, but when you do that, it is password protected. He needs it un-encrypted.

Do you use the MMC console to do this and then export it as a .CER file? Will that be correct?

Cheers
Yashy

Hi guys

I am going to be buying a multi-EV domain SSL certificate. This domain will have quite a few sub-domains. When i want to create the certificate request on the server, in the common name section, do I just put in the domain name only? So would I put 'contoso.com'? And not '*.contoso.com'. I assume i would only put an asterisk if it was going to be a wildcard ssl right?

Thanks for helping
Yash

Dear Experts, I'm testing the Sharepoint 2016 on-premises, I tried to share the document like these screenshots but the user who was shared COULD NOT receive any notification email of this sharing. I was loggin as Sharepoint Admin and it has functional mailboxa account. How can  we fix it?



I also CANNOT share it with external user???


One more thing, I'd like to redirect the http: site to https: site in Sharepoint but I could not configure it. I tried 2 methods but they both did not work!

1. Add both http and https links in default zone of mapping site

2. Add redirect http in IIS management