This is for Exchange 2003, but the same rules should apply for Exchange 2007.
Hi I've seen some threads touching this subject but i need some clarification.
I've installed Exchange 2007 and all I want is for my OWA users to get to OWA without having the cerficate error page come up. We're not allowed external access so we're not using Outlook Anywhere. So can i just create a self certificate using selfssl.exe and is there a way to install this via group policy to the clients? I just want the easiest method to get around this!
try this web site free to education SSL Certificates SSL Wildcard SSL Free Certificates SSL Server Certificate 256 bits
we managed to get a wild card cert as well not sure how they didnt pick that one up there loss our gain
You can just use Windows' Certificate Servies to produce your own certificate and then install this via GPO.
You can use a GPO to add trusted certificate providers domain wide so this should allow for what the OP is after.
Thanks for replying everyone.. I ended up setting up the certificate server and issuing a certificate which has worked! yay.
There's only one last thing, I've deployed the certificate via group policy which has placed the certificate in the clients Trusted root certificates in IE. However, it still doesn't work without installing it. Firefox picks it up and prompts you straight away, you click yes and it works.. IE7 doesn't do this and you have to locate the error on the toolbar, and browse and install. Anyone know how to automate this?
If you have just deployed the individual site certificate IE may be warning you because it does not trust the certificate issuer server which has a separate certificate from the published site. This page may help add your local cert server as a trusted authority if you have not already done so:
Deploying a Self-Signed Root Certificate with Group Policy
Last edited by SYNACK; 28th May 2008 at 11:29 AM.
That's brill... it's working now! Thanks for the help.
Having a SSL certificate nightmare again! All was good for a year when I implemented the initial certificate. This subsequently ran out so I renewed it, no problem. Now I've realised that the Out of Office isn't working in Outlook 2007. It's fine on OWA and Outlook 2003. So I've been searching the Internet for solutions to this problem which appears to be quite a common one... from what I've read this will be down to either wrong Autodiscover settings or wrong certificate. So I've tried amending the autodiscover settings but to no avail so I'm now trying to redo the certificate. I've removed the certificate and requested a new one using just the mailserver name as the common name because it's only for internal usage, sent it to the CA and OWA is ok with this, goes straight in with no certificate errors. However Outlook 2007 is not! When opening Outlook 2007, a security alert pops up and says "the name of the security certificate is invalid or does not match the name of the site. Do you want to proceed? Yes / No / View Certificate. Also Out of Office still doesn't work it says the server is unavailable. Have even tried just turning SSL off, but Out of Office still doesn't work! I've tried pretty much everything I can find. Really not sure what else to do to get it working. Has anyone solved this problem???
For exchange 2007 your cert really needs to be a SAN (Subject alternative Name) cert which allows you to add multiple names rather than usual one common name. This will cater for outlook anywhere, OWA etc.
The IPSCA unfortunately don't do SAN certs but they do do wildcard certs. Some wildcard certs are not supported on mobile devices so to sue active sync to sync your calendars etc would be a problem.
Best bet is to use on the commercial CAs becasue they have their CA's Root certs in most browsers on all most all PCs.
If I install a wildcard certs from IPSCA on a Exchange 2003 box then later in the year move to Exchange 2007 on a different box can I use the same cert?
There are currently 1 users browsing this thread. (0 members and 1 guests)