Windows Thread, SSL Certificates for Exchange 2007 in Technical; Hi I've seen some threads touching this subject but i need some clarification.
I've installed Exchange 2007 and all I ...
27th May 2008, 04:48 PM #1
SSL Certificates for Exchange 2007
Hi I've seen some threads touching this subject but i need some clarification.
I've installed Exchange 2007 and all I want is for my OWA users to get to OWA without having the cerficate error page come up. We're not allowed external access so we're not using Outlook Anywhere. So can i just create a self certificate using selfssl.exe and is there a way to install this via group policy to the clients? I just want the easiest method to get around this!
27th May 2008, 05:23 PM #2
This is for Exchange 2003, but the same rules should apply for Exchange 2007.
27th May 2008, 06:55 PM #3
try this web site free to education SSL Certificates SSL Wildcard SSL Free Certificates SSL Server Certificate 256 bits
we managed to get a wild card cert as well not sure how they didnt pick that one up there loss our gain
27th May 2008, 07:06 PM #4
You can just use Windows' Certificate Servies to produce your own certificate and then install this via GPO.
27th May 2008, 07:10 PM #5
With self signed certificates some web browsers throw a wobbly though don't they and you have to add exceptions? I know Firefox 3 does.
Originally Posted by Ric_
27th May 2008, 07:12 PM #6
What would happen after 2 years? does the renew for education is also free? i.e. beyond 2 years?
Originally Posted by ful56_uk
27th May 2008, 07:13 PM #7
Just make sure that they use IE for webmail, this picks the certs up automatically from the user and machine certificate store. Besides OWA has limited functionality on other browsers in comparison to IE, well the 2003 edition anyway.
Originally Posted by Edu-IT
You can use a GPO to add trusted certificate providers domain wide so this should allow for what the OP is after.
28th May 2008, 12:20 PM #8
..thanks ..one last thing
Thanks for replying everyone.. I ended up setting up the certificate server and issuing a certificate which has worked! yay.
There's only one last thing, I've deployed the certificate via group policy which has placed the certificate in the clients Trusted root certificates in IE. However, it still doesn't work without installing it. Firefox picks it up and prompts you straight away, you click yes and it works.. IE7 doesn't do this and you have to locate the error on the toolbar, and browse and install. Anyone know how to automate this?
28th May 2008, 12:26 PM #9
If you have just deployed the individual site certificate IE may be warning you because it does not trust the certificate issuer server which has a separate certificate from the published site. This page may help add your local cert server as a trusted authority if you have not already done so:
Deploying a Self-Signed Root Certificate with Group Policy
Last edited by SYNACK; 28th May 2008 at 12:29 PM.
28th May 2008, 02:10 PM #10
That's brill... it's working now! Thanks for the help.
29th May 2009, 12:22 PM #11
Having a SSL certificate nightmare again! All was good for a year when I implemented the initial certificate. This subsequently ran out so I renewed it, no problem. Now I've realised that the Out of Office isn't working in Outlook 2007. It's fine on OWA and Outlook 2003. So I've been searching the Internet for solutions to this problem which appears to be quite a common one... from what I've read this will be down to either wrong Autodiscover settings or wrong certificate. So I've tried amending the autodiscover settings but to no avail so I'm now trying to redo the certificate. I've removed the certificate and requested a new one using just the mailserver name as the common name because it's only for internal usage, sent it to the CA and OWA is ok with this, goes straight in with no certificate errors. However Outlook 2007 is not! When opening Outlook 2007, a security alert pops up and says "the name of the security certificate is invalid or does not match the name of the site. Do you want to proceed? Yes / No / View Certificate. Also Out of Office still doesn't work it says the server is unavailable. Have even tried just turning SSL off, but Out of Office still doesn't work! I've tried pretty much everything I can find. Really not sure what else to do to get it working. Has anyone solved this problem???
29th May 2009, 01:17 PM #12
As others have pointed out that self-signed Certs throw an error because the Root cert of the CA that issued the cert is not in the clien't trusted root certficate authorities store. One way to do this would be for all domain managed station to roll out the CA's root cert using GPO as mentioned.
Originally Posted by Edu-IT
For exchange 2007 your cert really needs to be a SAN (Subject alternative Name) cert which allows you to add multiple names rather than usual one common name. This will cater for outlook anywhere, OWA etc.
The IPSCA unfortunately don't do SAN certs but they do do wildcard certs. Some wildcard certs are not supported on mobile devices so to sue active sync to sync your calendars etc would be a problem.
Best bet is to use on the commercial CAs becasue they have their CA's Root certs in most browsers on all most all PCs.
29th May 2009, 01:39 PM #13
Late last year I 'renewed' a couple of certs from IPSCA, no problem at all - their 'renewal' process is simply applying for a cert the same as you did first time around! So, yes, renewals are free too :-)
Originally Posted by ashok
Last edited by tonyd; 29th May 2009 at 01:43 PM.
29th May 2009, 04:15 PM #14
Originally Posted by tonyd
29th May 2009, 07:40 PM #15
If I install a wildcard certs from IPSCA on a Exchange 2003 box then later in the year move to Exchange 2007 on a different box can I use the same cert?
By ful56_uk in forum Windows
Last Post: 15th April 2008, 09:36 AM
By everton4europe in forum Windows
Last Post: 16th January 2008, 06:01 PM
By Simcfc73 in forum Windows
Last Post: 2nd January 2008, 10:20 PM
By PiqueABoo in forum Windows
Last Post: 10th December 2007, 11:00 PM
By timbo343 in forum Windows
Last Post: 3rd October 2007, 10:46 AM
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)