Exchange Server Forums


OWA and SSL

OWA and SSL - 12.Nov.2008 8:35:04 PM   
ctvu

 

Hi all

As I am configuring OWA at the moment, by default https://server.mydomain.com.au/owa works fine internally, and it does not work externally.
Do we need to purchase a third-party SSL certificate for external access?
I have read the book How to Cheat at Configuring Exchange Server 2007 by Henrik Walther, and it says:
"'what do I do if my organization can't afford to throw $600 towards an SSL certificate each year?' Well, in that case, the solution would be to use multiple Web sites"
I assume it should work too, right? But not many people mention this method.
Why is that?
 
Thanks in advance.
 
Regards
 


< Message edited by ctvu -- 12.Nov.2008 8:37:50 PM >
Post #: 1
RE: OWA and SSL - 13.Nov.2008 2:46:00 AM   
jveldh

 

Hi,

Please check that an external URL is provided in the EMC.
This can be done by following these steps:

- open the EMC
- open the server configuration
- select the CAS server
- select the OWA which you want to edit
- on the general tab ensure that the URLs are correct

Standard Exchange has a self-signed certificate so it should work for both, only this is not "secure". You can buy a certificate for your Exchange on the following website: https://www.godaddy.com/gdshop/ssl/ssl.asp




_____________________________

Best regards,

Johan Veldhuis

Visit my Exchange blog

(in reply to ctvu)
Post #: 2
RE: OWA and SSL - 13.Nov.2008 6:45:16 AM   
ctvu

 

Thank you for your response.
I did add https://webmail.mydomain.com.au/owa in the External URL box.
And when I tried to open this web page, first I got a warning web page saying that

There is a problem with this website's security certificate.
The security certificate presented by this website was issued for another website's address.
..................

And if I click on "Continue to this website (not recommended)", then I get an HTTP 404 Not Found error.

Thanks in advance

Regards,

(in reply to jveldh)
Post #: 3
RE: OWA and SSL - 13.Nov.2008 4:21:49 PM   
jveldh

 

Hi,

The first error is correct because the self-signed certificate is assigned to OWA by default. When using a real certificate you should not see this error any more.

About the page not found issue, try this:

- switch from forms-based authentication to integrated and check if it works
- change it back and use the New-ExchangeCertificate PowerShell cmdlet to
  generate a new certificate, then try again.



_____________________________

Best regards,

Johan Veldhuis

Visit my Exchange blog

(in reply to ctvu)
Post #: 4
RE: OWA and SSL - 13.Nov.2008 5:47:13 PM   
Elan Shudnow

 

You actually don't ever need to modify the ExternalURL or InternalURL for OWA if you're doing a single site scenario. The only time InternalURL or ExternalURL is ever utilized is in a proxying/redirection scenario. The reason for this is that those URLs are automatically fetched so one CAS can see if it should proxy or redirect.

If you're single site and all your clients will hit the same CAS, that CAS won't have to fetch any URL.  So you can have the InternalURL and/or ExternalURL completely false and it'll work since the only thing that'll happen is a client will directly go to the https://whatever.domain.com/owa and that CAS will see it's the CAS for the box and won't have to proxy/redirect and it'll just work.

Just figured I'd throw that information out there.

_____________________________

Elan Shudnow
Exchange MVP
http://www.shudnow.net

(in reply to jveldh)
Post #: 5
RE: OWA and SSL - 14.Nov.2008 12:17:26 AM   
ctvu

 

Hi all

Thanks a lot for your responses.

To jveldh

I'll try it out tonight.

Elan

Actually I've read something like you said that
"If you are using a single-server installation of Exchange 2003, then Outlook Web Access 2003 does not require any specific customization in order to work. It will be installed on the server as part of the Exchange setup".
So the Internal and External users should use the same URL (https://server.mydomain.com.au/owa) and it should work supposedly.
I did try before, it did not work. I will try again to record the error.

Thanks in advance

Regards,


(in reply to Elan Shudnow)
Post #: 6
RE: OWA and SSL - 14.Nov.2008 1:12:08 AM   
Exchange_Geek

 

Can you access the following link from outside - and does it error out stating

"Page under construction"

"https://server.mydomain.com.au/"

(in reply to ctvu)
Post #: 7
RE: OWA and SSL - 14.Nov.2008 8:08:26 AM   
ctvu

 

Hi all

I tried https://server.mydomain.com.au/ as well as https://server.mydomain.com.au/owa, I got the same result i.e.
Internet Explorer cannot display the webpage
No error code at all.

to Johan

I cleared the External URL in order to test, as I mentioned above it does not work. Then I put it back to try your method, but now it gave me the same error
Internet Explorer cannot display the webpage

Thanks in advance

Regards,

< Message edited by ctvu -- 14.Nov.2008 9:02:26 AM >

(in reply to Exchange_Geek)
Post #: 8
RE: OWA and SSL - 14.Nov.2008 11:57:11 AM   
Sembee

 

The problem with books is that they go out of date very quickly. When Exchange was first released, the SSL certificate you need (a SAN or UC certificate) was indeed $600. You can now get them for US$60/year.
I have outlined the full steps required, including the source of the certificates on my blog: http://www.sembee.co.uk/archive/2008/05/30/78.aspx

Simon.

_____________________________

Simon Butler,
Exchange MVP
Blog: http://blog.sembee.co.uk/
Web: http://www.amset.info/
In the UK? Hire me: http://www.sembee.co.uk/
Exchange Resources: http://exbpa.com/

(in reply to ctvu)
Post #: 9
RE: OWA and SSL - 16.Nov.2008 5:39:33 AM   
ctvu

 

Thank you Simon for your help and blog

After reading your blog, if I buy an SSL certificate, it will take care of OWA, Outlook Anywhere and ActiveSync, right?
But I don't understand why it does not work with the self-signed certificate and a single site like ours.

Thanks in advance

Regards

(in reply to Sembee)
Post #: 10
RE: OWA and SSL - 16.Nov.2008 6:16:36 AM   
pjhutch

 

You need to configure the URLs on Exchange to match the name on the certificate, especially if you are using a made-up name:

Try this PowerShell tool to fix the problem:
http://www.exchangeninjas.com/set-allvdirs

See also this article:
http://www.amset.info/exchange/singlenamessl.asp

< Message edited by pjhutch -- 16.Nov.2008 6:17:59 AM >


_____________________________

Peter Hutchison MCP
Exchange Administrator
University of Huddersfield

(in reply to ctvu)
Post #: 11
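
The name check discussed in the posts above (service URLs have to match a name on the certificate, otherwise the browser shows the "issued for another website's address" warning), as an added example that is not part of the original thread. It assumes the Exchange 2007 Management Shell on the CAS server; `Test-NameCovered` is a helper name made up for this example.

```powershell
# Added example for the Exchange Management Shell on the CAS server.
# Lists each configured service URL and whether the IIS certificate covers its host name.

# True when $HostName equals a certificate name, or matches a "*.domain" name
# with exactly one extra left-most label (the rule browsers apply).
function Test-NameCovered([string]$HostName, [string[]]$CertNames) {
    foreach ($name in $CertNames) {
        if ($name -eq $HostName) { return $true }     # -eq ignores case
        if ($name.StartsWith('*.')) {
            $suffix = $name.Substring(1).ToLower()    # "*.example.com" -> ".example.com"
            $h = $HostName.ToLower()
            if ($h.EndsWith($suffix)) {
                $left = $h.Substring(0, $h.Length - $suffix.Length)
                if ($left.Length -gt 0 -and $left.IndexOf('.') -lt 0) { return $true }
            }
        }
    }
    return $false
}

# Certificate currently enabled for IIS (OWA, ActiveSync, Outlook Anywhere).
$cert = Get-ExchangeCertificate | Where-Object { $_.Services -match 'IIS' } | Select-Object -First 1
if (-not $cert) { throw 'No certificate is enabled for the IIS service.' }
$certNames = @($cert.CertificateDomains | ForEach-Object { $_.ToString() })

# Internal and external URLs published by the client access virtual directories.
$urls = @()
$urls += Get-OwaVirtualDirectory | ForEach-Object { $_.InternalUrl; $_.ExternalUrl }
$urls += Get-ActiveSyncVirtualDirectory | ForEach-Object { $_.InternalUrl; $_.ExternalUrl }
$urls += Get-WebServicesVirtualDirectory | ForEach-Object { $_.InternalUrl; $_.ExternalUrl }
$urls += Get-ClientAccessServer | ForEach-Object { $_.AutoDiscoverServiceInternalUri }

"Certificate {0} (self-signed: {1})" -f $cert.Thumbprint, $cert.IsSelfSigned
"Names on certificate: {0}" -f [string]::Join(', ', $certNames)

# Unset URLs come back as $null and are skipped.
foreach ($u in ($urls | Where-Object { $_ })) {
    $urlHost = ([Uri]"$u").Host
    if (Test-NameCovered $urlHost $certNames) { $result = 'covered' }
    else { $result = 'NOT on certificate' }
    "{0,-60} {1}" -f $u, $result
}
```

Any URL reported as not on the certificate will produce the name-mismatch warning for clients that use it, even when the certificate itself is trusted.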
RE: OWA and SSL - 16.Nov.2008 1:14:51 PM   
Sembee

 

quote:

ORIGINAL: ctvu

Thank you Simon for your help and blog

After reading your blog, if I buy an SSL certificate, it will take care of OWA, Outlook Anywhere and ActiveSync, right?
But I don't understand why it does not work with the self-signed certificate and a single site like ours.

Thanks in advance

Regards


The SAN/UC certificate will take care of all of the SSL secured services. That includes the web based services of OWA, EAS and Outlook Anywhere. It can also take care of UC, SMTP, IMAP and POP3.

Do note that the self generated SSL certificate is not supported for use with EAS and Outlook Anywhere. Therefore if you want to use those features in a supported environment then you must purchase an SSL certificate.

Someone has pointed you to my article on using a single name SSL certificate. While you can use the traditional type of SSL certificates, it is not something I tend to recommend.

The fact that you are in a single site environment is immaterial.

Simon.

_____________________________

Simon Butler,
Exchange MVP
Blog: http://blog.sembee.co.uk/
Web: http://www.amset.info/
In the UK? Hire me: http://www.sembee.co.uk/
Exchange Resources: http://exbpa.com/

(in reply to ctvu)
Post #: 12
RE: OWA and SSL - 17.Nov.2008 6:28:07 AM   
ctvu

 

Again, thank you Simon for your help and Peter for the helpful link. I really do appreciate it.

Before purchasing any SSL certification, I have got one question.

At the moment we are using POP3 and we have 2 registered domain names, say www.firstdomain.com and www.seconddomain.com, and we have 2 POP3 emails, user@firstdomain.com and user@seconddomain.com.
Can Exchange 07 handle this scenario? What I mean is, can one user have 2 different email accounts, one for each domain, in an Exchange 07 environment?
If it can be done then we need to purchase an SSL certificate for multi-domain, is that correct?

Thanks in advance

Regards

< Message edited by ctvu -- 17.Nov.2008 6:33:09 AM >

(in reply to Sembee)
Post #: 13
RE: OWA and SSL - 17.Nov.2008 9:22:45 AM   
Sembee

 

The domains the server is accepting email for have nothing to do with the SSL certificate. You can have whatever names you like on the SSL certificate.

With a multiple domain name scenario I usually recommend that the same DNS records are used for all domains.
Users can use OWA on the original domain - it doesn't matter. If you want to provide vanity URLs (so owa.domain1.net and owa.domain2.net) then get a certificate that can support more additional names.

Simon.

_____________________________

Simon Butler,
Exchange MVP
Blog: http://blog.sembee.co.uk/
Web: http://www.amset.info/
In the UK? Hire me: http://www.sembee.co.uk/
Exchange Resources: http://exbpa.com/

(in reply to ctvu)
Post #: 14
RE: OWA and SSL - 18.Nov.2008 6:06:52 PM   
ctvu

 

Thank you for your response Simon

quote:

With a multiple domain name scenario I usually recommend that the same DNS records are used for all domains.

Honestly, I have been searching for info about multiple domains in an Exchange 07 environment. I will come back to this. Thanks

quote:

Users can use OWA on the original domain - it doesn't matter. If you want to provide vanity URLs (so owa.domain1.net and owa.domain2.net) then get a certificate that can support more additional names.

Again, I am not quite sure what kind of SSL certificate can support additional names. I have gone through all the websites you recommended in your blog plus GoDaddy and Google; some offer free certificates as well, which leads to more confusion. And I happened to see one post where he/she has an issue with AutoDiscover because the SSL certificate he/she bought does not support it.

Thanks again Simon

Regards

(in reply to Sembee)
Post #: 15
RE: OWA and SSL - 18.Nov.2008 7:47:39 PM   
Sembee

 

With regards to the SSL certificate, I am not sure what is confusing.
SAN (Subject Alternative Name) certificates are what you want. They support numerous names. I am not sure of the limit, but most places sell them in fives and tens.

Most "free" certificates are not worth the hassle, because they are not trusted. I am certainly not aware of any free SAN certificates that are trusted by most browsers. Without the trust they are useless.

Simon.

_____________________________

Simon Butler,
Exchange MVP
Blog: http://blog.sembee.co.uk/
Web: http://www.amset.info/
In the UK? Hire me: http://www.sembee.co.uk/
Exchange Resources: http://exbpa.com/

(in reply to ctvu)
Post #: 16
RE: OWA and SSL - 18.Nov.2008 8:18:38 PM   
ctvu

 

quote:

ORIGINAL: Sembee

With regards to the SSL certificate, I am not sure what is confusing.
SAN (Subject Alternative Name) certificates are what you want. They support numerous names. I am not sure of the limit, but most places sell them in fives and tens.

Most "free" certificates are not worth the hassle, because they are not trusted. I am certainly not aware of any free SAN certificates that are trusted by most browsers. Without the trust they are useless.

Simon.


Thank you for your patience with me.
I am going to have a closer look again at all the SSL certificates available out there. Thanks for that.
With the "free" certificates, I thought there would be a reason behind it that no one would like to use them in a production environment; now I know they are not trusted.
Much appreciated

Regards,



(in reply to Sembee)
Post #: 17
RE: OWA and SSL - 11.Dec.2008 6:54:47 AM   
ctvu

 

quote:

ORIGINAL: Sembee

With a multiple domain name scenario I usually recommend that the same DNS records are used for all domains. 


Hi Simon

I have been trying to figure out what it is supposed to mean. But I don't get it.
Are you referring to an SRV record or something else?
After a meeting today I was asked if he (the boss) can have 2 email addresses, say boss@domain1.com and boss@domain2.com, and both should be in the same mailbox.
How can I achieve this goal?
Thanks in advance

Regards,

(in reply to Sembee)
Post #: 18
RE: OWA and SSL - 11.Dec.2008 10:14:30 AM   
Sembee

 

A few things to be wary of.
The DNS records do not have to be in the same domain.
For example, your MX records for domain1.net could be mail.domain1.net.
The MX records for domain2.com (which is on the same server as domain1.net) could also be mail.domain1.net. As long as the name resolves it will be delivered.

To host multiple domains you simply need to ensure that they are listed in accepted domains and then create an email address policy.

While you can have as many email addresses on the account as you like, from different domains, what you cannot do is send as a different address - Exchange will only allow email to go out as the default address.

Simon.

_____________________________

Simon Butler,
Exchange MVP
Blog: http://blog.sembee.co.uk/
Web: http://www.amset.info/
In the UK? Hire me: http://www.sembee.co.uk/
Exchange Resources: http://exbpa.com/

(in reply to ctvu)
Post #: 19
RE: OWA and SSL - 11.Dec.2008 6:41:43 PM   
ctvu

 

quote:

ORIGINAL: Sembee
A few things to be wary of.
The DNS records do not have to be in the same domain.
For example, your MX records for domain1.net could be mail.domain1.net.
The MX records for domain2.com (which is on the same server as domain1.net) could also be mail.domain1.net. As long as the name resolves it will be delivered.

Thank you very much
I have got another question, I hope you don't mind.
Within domain1.com, I go to the DNS settings and change an MX record for domain1.com as below:
mail.domain1.com        A       192.122.X.X
domain1.com             MX      10 mail.domain1.com
If I am not wrong, then we can add another MX record for domain2.com:
domain2.com             MX      10 mail.domain1.com

Since we have both domains registered, what would happen to the MX record of domain2.com that is already set within domain2.com in the DNS settings?

mail.domain2.com        A       192.122.Y.Y (different from domain1.com)
domain2.com             MX      10 mail.domain2.com

Would they conflict with the one within domain1.com?

Thank you again

Regards

(in reply to Sembee)
Post #: 20
