Exchange Server Forums
Forums |
Register |
Login |
My Profile |
Inbox |
RSS 
|
My Subscription |
My Forums |
Address Book |
Member List |
Search |
FAQ |
Ticket List |
Log Out
RE: Setting up a CA for a Secure OWA
|
Users viewing this topic:
none
|
Logged in as: Guest
|
Login  | |
|
 Limited time MSExchange.org offer! -- 1.Sep.2008 1:00:00 PM
|
|
TechGenix and SolarWinds have partnered to provide free copies of SolarWinds Exchange Monitor to all visitors who join the MSExchange.org Forums. SolarWinds Exchange Monitor is a handy desktop dashboard that continuously monitors Microsoft Exchange to deliver real-time insight into Exchange services, mail queue sizes, and host server health. Learn more about Exchange Monitor and the free offer!
|
RE: Setting up a CA for a Secure OWA - 13.Jun.2005 3:25:00 PM
|
|
|
marcelo73
Posts: 30
Joined: 23.Dec.2004
From: Buenos Aires
Status: offline
|
Here is something interesting I got from Tom Shinder's article:
The connection breaks if the common name on the server certificate doesnÆt match the name used by the client request. There are two places where the connection could break in the scenario above:
If the common name on the certificate used by the ISA Server firewall to impersonate the OWA 2003 site doesnÆt match the server name (FQDN) used by the OWA client on the Internet
If the common name on the certificate on the OWA 2003 Web site doesnÆt match the server name (FQDN) used by the Web Proxy service to forward the request to the OWA 2003 Web site on the internal network; the name in the request is determined by how you configure the Web Publishing Rule. We will cover this issue in detail in the next article in this series
Keep these facts in the back of your mind as we work through the certificate request, certificate export, certificate import and finally the Web Publishing Rule. IÆll remind you of these issues when they enter into the equation.
|
|
|
|
|
RE: Setting up a CA for a Secure OWA - 14.Jun.2005 8:28:00 AM
|
|
|
soth
Posts: 27
Joined: 7.Jun.2005
From: kentucky
Status: offline
|
Hi guys, i've narrowed my problem down I think. Everytime I try to issue a certificate through IIS on the default website I receive an error Denied Policy Module, 0x80094800. According to microsoft this is a common error in which the default template is not installed.
I've still not resolved that issue though.
|
|
|
|
|
RE: Setting up a CA for a Secure OWA - 15.Jun.2005 12:09:00 PM
|
|
|
marcelo73
Posts: 30
Joined: 23.Dec.2004
From: Buenos Aires
Status: offline
|
Ok, I'm almost there. I can have the certificate created. I've exported it and imported it into ISA Server as a web listener in 443 port with SSL.
Now:
When I try to connect to http://mail.domain.com/exchange it asks me for SSL connection so I use https.
When I try to connect to
https://mail.domain.com/exchange it comes with a page which says:
Explanation: There is a problem with the page you are trying to reach and it cannot be displayed.
Technical Information (for support personnel)
ò Error Code: 502 Proxy Error. The ISA Server denies the specified Uniform
Resource Locator (URL). (12202)
ò IP Address: 200.x.x.x
ò Date: 5/31/2005 8:10:49 PM
ò Server: isaserver.domain.com
ò Source: proxy
Please, can somebody help me with this? This looks like a problem after another.
Greetings,
Marcelo.
|
|
|
|
|
RE: Setting up a CA for a Secure OWA - 15.Jun.2005 4:34:00 PM
|
|
|
chandhru
Posts: 47
Joined: 11.May2005
From: Alabama
Status: offline
|
Guys, even I am having problems implementing SSL over OWA. I have posted this last friday. I have an Exchange 2003 server running on windows 2003 server. I am able to generate request for certificate, create certificate and apply the certificate to the default website.
the problem is whenever i type in the url as https://myserver.mydomain.com/exchange, I see the certificate source cannot be validated(which is expected). but afterwards instead of taking me to the login screen ( a window popup) it shows page cannot be displayed.
I tried to create an another test website, requested a new certificate, generated it and applied the new certificate enable ssl encryption, still when i type in the url with https i only get page cannot be displayed
so I went to a different 2003 server, created an other test website and also installed an new CA in that server, when I applied the certificate I am able to view the page. so I thought the problem might be in the certificate, I created the new certificate in the new server and exported it to the exchange box
still the same problem. I checked the common name and went through every step given in the tutorial, still unable to implement ssl.
I think, there is a problem in the IIS configuration than in the CA. if any one of you found a solution, please post them so others can benefit from it.
|
|
|
|
|
RE: Setting up a CA for a Secure OWA - 16.Jun.2005 10:13:00 AM
|
|
|
marcelo73
Posts: 30
Joined: 23.Dec.2004
From: Buenos Aires
Status: offline
|
Guys, this could be useful for someone who still did not pay attention on this option.
According to Tom Shinder you have to enable CRL checking at System Policy.
This is for those who use ISA Server.
http://forums.isaserver.org/ultimatebb.cgi?ubb=get_topic;f=23;t=000584#000003
Here's the link. My nick is techuser at isaserver.org
Regards,
|
|
|
|
|
RE: Setting up a CA for a Secure OWA - 16.Jun.2005 9:51:00 PM
|
|
|
soth
Posts: 27
Joined: 7.Jun.2005
From: kentucky
Status: offline
|
Well guys, I don't have an ISA server, but i'm pretty much gave up though. Just doesn't make any sense if I slap two computers together and repeat the exact same process i'm doing on the production server and it works in the test environment.
Hope you get it fixed!
soth
|
|
|
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
 Locked w/ New Messages |
 Locked w/o New Messages |
|
 Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts |
|
Printable Version
![[Mad]](/image/smiles/mad.gif)
![[Smile]](/image/smiles/smile.gif)
