Exchange Server Forums
Forums |
Register |
Login |
My Profile |
Inbox |
RSS 
|
My Subscription |
My Forums |
Address Book |
Member List |
Search |
FAQ |
Ticket List |
Log Out
Self SSL Need Help
|
Users viewing this topic:
none
|
Logged in as: Guest
|
Login  | |
|
 Limited time MSExchange.org offer! -- 1.Sep.2008 1:00:00 PM
|
|
TechGenix and SolarWinds have partnered to provide free copies of SolarWinds Exchange Monitor to all visitors who join the MSExchange.org Forums. SolarWinds Exchange Monitor is a handy desktop dashboard that continuously monitors Microsoft Exchange to deliver real-time insight into Exchange services, mail queue sizes, and host server health. Learn more about Exchange Monitor and the free offer!
|
Self SSL Need Help - 11.Mar.2008 12:17:12 PM
|
|
|
defiantclass1
Posts: 183
Joined: 17.Jul.2006
Status: offline
|
I've posted before, but still haven't resolved my problems with Self SSL.
I have a domain name www.mydomainname.com which the mail points to my broadcast IP. The users can type mail.mydomainname.com and get to OWA. But downloading and installing the certificate doesn't prevent the certificate from needing to be installed on the next visit. They get prompted and warned that the site is not recommended, they have to select to continue anyway.
Now, my physical name of my exchange server is not mydomainname.com. It is companymail.com. When I generate a certificate through SelfSSL for mydomainname.com I get an error when I try to open the public folders in Exchange Manager. The error says the certificate is incorrectly named. That is why I created my certificate using my physical server name of companymail.com. It seems to work, except it doesn't seem to install correctly on client machines.
In Exchange Manager, under my Default SMTP server properties, Advanced Delivery, I have mail.mydomainname.com entered in FQDN field so that is the server name referenced in the header of outgoing mail.
Also, I have a webserver which is using port 443 for ssl, so I have to use an alternate port for Exchange ssl, 1105. When users type mail.mydomainname.com, IIS forwards them to https://xx.xxx.xx.xxx.xx:1105/exchange (my exchange server internal ip address/sslportnumber/exchange)
Basically, what I'm saying is, I think because my domain name is www.mydomainname.com and gets forwarded to another address internally, and my pysical server name is something different, my certificate isn't working which 1) prevents me from being able to properly install the certificate and 2) I cannot seem to get an Outlook client to connect remotely.
I really need some clear cut help on certificates. I need to know exactly what to do if I have:
1) a domain name which is different than my physical exchange server name
2) mail.mydomainname.com get forwarded to another internal address and through a differtent ssl port
What name do I use to create the Self SSL cert?
mail.mydomainname.com (the original url)
or
mydomainname.com (my domain name)
or
comapnymail.com (my Exchange Server name)
or
xx.xxx.xx.xxx:1105/exchange (my internal Exchange address that IIS forwards traffic to)
|
|
|
|
|
RE: Self SSL Need Help - 13.May2008 10:56:49 PM
|
|
|
NetoMeter
Posts: 20
Joined: 18.Apr.2006
Status: offline
|
Hi,
The SelfSSL command should be:
selfssl.exe /N:CN=mail.mydomainname.com /K:1024 /V:3650 /S:(?) /P:1105
Replace the question-mark with the site ID (you ca see it in IIS manager when you click Web Sites).
Nowadays SSL certificates are very cheap. You can get GoDaddy Turbo SSL certificate for $14.99 (if you follow the Google link – otherwise it’s $29.99 USD).
Buying one would save you all the troubles with troubleshooting (teaching first) the import of the cert at the client side.
I have published a Step-by-Step video tutorial for the GoDaddy TurboSSL installation:
http://www.netometer.com/video/tutorials/godaddy-ssl-certificate/index.php
It includes the installation instructions as well as the troubleshooting steps. Of course, you can stick to the SelfSSL and there are Screencasts at NetoMeter for both using SelfSSL for both IIS6 and IIS7.
Regards,
Dean Stefanov
http://www.netometer.com
_____________________________
http://www.netometer.net/support
|
|
|
|
|
RE: Self SSL Need Help - 13.May2008 11:07:37 PM
|
|
|
defiantclass1
Posts: 183
Joined: 17.Jul.2006
Status: offline
|
Hey, I really appreciate your time and help. I'll check out your article and I agree with you on going with GoDaddy on this one.
Thanks
|
|
|
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
 Locked w/ New Messages |
 Locked w/o New Messages |
|
 Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts |
|
Printable Version
