+ Post New Thread
Results 1 to 15 of 15
Windows Thread, SSL Certificates for Exchange 2007 in Technical; Hi I've seen some threads touching this subject but i need some clarification. I've installed Exchange 2007 and all I ...
  1. #1
    jdibsdale's Avatar
    Join Date
    May 2008
    Location
    UK
    Posts
    84
    Thank Post
    1
    Thanked 3 Times in 3 Posts
    Rep Power
    14

    Cool SSL Certificates for Exchange 2007

    Hi I've seen some threads touching this subject but i need some clarification.

    I've installed Exchange 2007 and all I want is for my OWA users to get to OWA without having the cerficate error page come up. We're not allowed external access so we're not using Outlook Anywhere. So can i just create a self certificate using selfssl.exe and is there a way to install this via group policy to the clients? I just want the easiest method to get around this!

    Thanks
    Jenny

  2. #2

    Michael's Avatar
    Join Date
    Dec 2005
    Location
    Birmingham
    Posts
    9,266
    Thank Post
    242
    Thanked 1,575 Times in 1,254 Posts
    Rep Power
    342
    This is for Exchange 2003, but the same rules should apply for Exchange 2007.

  3. #3
    ful56_uk's Avatar
    Join Date
    Mar 2008
    Location
    Essex
    Posts
    570
    Thank Post
    113
    Thanked 25 Times in 22 Posts
    Rep Power
    19
    try this web site free to education SSL Certificates SSL Wildcard SSL Free Certificates SSL Server Certificate 256 bits

    we managed to get a wild card cert as well not sure how they didnt pick that one up there loss our gain

    Mark

  4. #4

    Ric_'s Avatar
    Join Date
    Jun 2005
    Location
    London
    Posts
    7,592
    Thank Post
    109
    Thanked 770 Times in 598 Posts
    Rep Power
    183
    You can just use Windows' Certificate Servies to produce your own certificate and then install this via GPO.

  5. #5

    Edu-IT's Avatar
    Join Date
    Nov 2007
    Posts
    7,260
    Thank Post
    404
    Thanked 633 Times in 578 Posts
    Rep Power
    185
    Quote Originally Posted by Ric_ View Post
    You can just use Windows' Certificate Servies to produce your own certificate and then install this via GPO.
    With self signed certificates some web browsers throw a wobbly though don't they and you have to add exceptions? I know Firefox 3 does.

  6. #6

    Join Date
    Oct 2005
    Location
    East Midlands
    Posts
    743
    Thank Post
    17
    Thanked 106 Times in 66 Posts
    Rep Power
    37
    Quote Originally Posted by ful56_uk View Post
    try this web site free to education SSL Certificates SSL Wildcard SSL Free Certificates SSL Server Certificate 256 bits

    we managed to get a wild card cert as well not sure how they didnt pick that one up there loss our gain

    Mark
    What would happen after 2 years? does the renew for education is also free? i.e. beyond 2 years?

    Ash.

  7. #7

    SYNACK's Avatar
    Join Date
    Oct 2007
    Posts
    11,247
    Thank Post
    882
    Thanked 2,745 Times in 2,319 Posts
    Blog Entries
    11
    Rep Power
    785
    Quote Originally Posted by Edu-IT View Post
    With self signed certificates some web browsers throw a wobbly though don't they and you have to add exceptions? I know Firefox 3 does.
    Just make sure that they use IE for webmail, this picks the certs up automatically from the user and machine certificate store. Besides OWA has limited functionality on other browsers in comparison to IE, well the 2003 edition anyway.

    You can use a GPO to add trusted certificate providers domain wide so this should allow for what the OP is after.

  8. #8
    jdibsdale's Avatar
    Join Date
    May 2008
    Location
    UK
    Posts
    84
    Thank Post
    1
    Thanked 3 Times in 3 Posts
    Rep Power
    14

    ..thanks ..one last thing

    Thanks for replying everyone.. I ended up setting up the certificate server and issuing a certificate which has worked! yay.

    There's only one last thing, I've deployed the certificate via group policy which has placed the certificate in the clients Trusted root certificates in IE. However, it still doesn't work without installing it. Firefox picks it up and prompts you straight away, you click yes and it works.. IE7 doesn't do this and you have to locate the error on the toolbar, and browse and install. Anyone know how to automate this?

    Thanks
    Jenny

  9. #9

    SYNACK's Avatar
    Join Date
    Oct 2007
    Posts
    11,247
    Thank Post
    882
    Thanked 2,745 Times in 2,319 Posts
    Blog Entries
    11
    Rep Power
    785
    If you have just deployed the individual site certificate IE may be warning you because it does not trust the certificate issuer server which has a separate certificate from the published site. This page may help add your local cert server as a trusted authority if you have not already done so:

    Deploying a Self-Signed Root Certificate with Group Policy
    Last edited by SYNACK; 28th May 2008 at 12:29 PM.

  10. #10
    jdibsdale's Avatar
    Join Date
    May 2008
    Location
    UK
    Posts
    84
    Thank Post
    1
    Thanked 3 Times in 3 Posts
    Rep Power
    14
    That's brill... it's working now! Thanks for the help.

  11. #11
    jdibsdale's Avatar
    Join Date
    May 2008
    Location
    UK
    Posts
    84
    Thank Post
    1
    Thanked 3 Times in 3 Posts
    Rep Power
    14
    Hi all,

    Having a SSL certificate nightmare again! All was good for a year when I implemented the initial certificate. This subsequently ran out so I renewed it, no problem. Now I've realised that the Out of Office isn't working in Outlook 2007. It's fine on OWA and Outlook 2003. So I've been searching the Internet for solutions to this problem which appears to be quite a common one... from what I've read this will be down to either wrong Autodiscover settings or wrong certificate. So I've tried amending the autodiscover settings but to no avail so I'm now trying to redo the certificate. I've removed the certificate and requested a new one using just the mailserver name as the common name because it's only for internal usage, sent it to the CA and OWA is ok with this, goes straight in with no certificate errors. However Outlook 2007 is not! When opening Outlook 2007, a security alert pops up and says "the name of the security certificate is invalid or does not match the name of the site. Do you want to proceed? Yes / No / View Certificate. Also Out of Office still doesn't work it says the server is unavailable. Have even tried just turning SSL off, but Out of Office still doesn't work! I've tried pretty much everything I can find. Really not sure what else to do to get it working. Has anyone solved this problem???

    Cheers
    J

  12. #12

    Join Date
    Oct 2005
    Location
    East Midlands
    Posts
    743
    Thank Post
    17
    Thanked 106 Times in 66 Posts
    Rep Power
    37
    Quote Originally Posted by Edu-IT View Post
    With self signed certificates some web browsers throw a wobbly though don't they and you have to add exceptions? I know Firefox 3 does.
    As others have pointed out that self-signed Certs throw an error because the Root cert of the CA that issued the cert is not in the clien't trusted root certficate authorities store. One way to do this would be for all domain managed station to roll out the CA's root cert using GPO as mentioned.

    For exchange 2007 your cert really needs to be a SAN (Subject alternative Name) cert which allows you to add multiple names rather than usual one common name. This will cater for outlook anywhere, OWA etc.

    The IPSCA unfortunately don't do SAN certs but they do do wildcard certs. Some wildcard certs are not supported on mobile devices so to sue active sync to sync your calendars etc would be a problem.


    Best bet is to use on the commercial CAs becasue they have their CA's Root certs in most browsers on all most all PCs.

    Ash.

  13. #13
    tonyd's Avatar
    Join Date
    Mar 2006
    Location
    Kent (Sometimes), UK
    Posts
    163
    Thank Post
    17
    Thanked 42 Times in 31 Posts
    Rep Power
    25

    Thumbs up

    Quote Originally Posted by ashok View Post
    What would happen after 2 years? does the renew for education is also free? i.e. beyond 2 years?

    Ash.
    Late last year I 'renewed' a couple of certs from IPSCA, no problem at all - their 'renewal' process is simply applying for a cert the same as you did first time around! So, yes, renewals are free too :-)
    Last edited by tonyd; 29th May 2009 at 01:43 PM.

  14. #14

    Join Date
    Oct 2005
    Location
    East Midlands
    Posts
    743
    Thank Post
    17
    Thanked 106 Times in 66 Posts
    Rep Power
    37
    Quote Originally Posted by tonyd View Post
    Late last year I 'renewed' a couple of certs from IPSCA, no problem at all - their 'renewal' process is simply applying for a cert the same as you did first time around! So, yes, renewals are free too :-)
    Brill!!

    Ash.

  15. #15
    Jobos's Avatar
    Join Date
    Apr 2007
    Posts
    1,159
    Thank Post
    184
    Thanked 54 Times in 46 Posts
    Rep Power
    26
    If I install a wildcard certs from IPSCA on a Exchange 2003 box then later in the year move to Exchange 2007 on a different box can I use the same cert?



SHARE:
+ Post New Thread

Similar Threads

  1. Upgrading exchange 2003 to Exchange 2007
    By ful56_uk in forum Windows
    Replies: 1
    Last Post: 15th April 2008, 09:36 AM
  2. Exchange 2007 sp1 just killed my exchange
    By everton4europe in forum Windows
    Replies: 3
    Last Post: 16th January 2008, 06:01 PM
  3. Exchange 2007
    By Simcfc73 in forum Windows
    Replies: 18
    Last Post: 2nd January 2008, 10:20 PM
  4. Exchange 2007 SP1
    By PiqueABoo in forum Windows
    Replies: 21
    Last Post: 10th December 2007, 11:00 PM
  5. Exchange 2007 and exchange 2003
    By timbo343 in forum Windows
    Replies: 0
    Last Post: 3rd October 2007, 10:46 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •