date: Thu, 22 May 2008 02:15:00 -0700,    group: microsoft.public.exchange.setup


Exchange 2007 and SSL   
Hello,

I have a client who has a single server running AD, DHCP, DNS and Exchange 
2007 (know it's not ideal but it's a 2 person business, and will move over to 
SBS 2008 when it's released!).

During the installation of Exchange, it creates its own SSL cert, which 
uses the server names as its common name. Outlook 2007 clients then connect 
over SSL using this certificate.

As they use OWA externally, I have installed a proper SSL cert which uses 
email.<domainname>.co.uk as its common name. This has in turn caused local 
Outlook 2007 clients to bring up a Security Alert message box when first 
opened about an invalid name on the SSL. This is because the Outlook clients 
are still pointing to <servername>.<domainname>.co.uk. When trying to tell 
Outlook to use the email.<domainname>.co.uk alias, it automatically reinputs 
the physical servername, which means I can't prevent the alert from appearing 
in Outlook.

Any ideas?

Thanks
date: Thu, 22 May 2008 02:15:00 -0700   author:   Andy Smith

Re: Exchange 2007 and SSL   
Hi,

Use a SAN Cert, this specifically is recommended to get around this problem, 
and is best practice for Exchange 2007.

http://msexchangeteam.com/archive/2007/02/19/435472.aspx

Oliver
date: Thu, 22 May 2008 11:13:51 +0100   author:   Oliver Moazzezi [MVP]

Re: Exchange 2007 and SSL   
Is getting a SAN certificate just a matter of generating the request using 
the New-ExchangeCertificate cmdlet, or is there more to it than that ?

I prefer to use inexpensive GeoTrust QuickSSL certificates that are auto 
generated because it allows me to set up server certs quickly, but I do not 
know if sending them a CSR generated through EX2007's cmdlet is enough to get 
a valid SAN certificate or if there is more to it...

I made the mistake of getting a cert using IIS's wizard and installed it 
which broke OWA. I then retraced my steps using the cmdlet to generate the 
CSR, but after importing the new cert and deleting the old one OWA remains 
broken...

Is there any way to confirm that a certificate has the right properties ?

Dave

"Oliver Moazzezi [MVP]" wrote:

> Hi,
> 
> Use a SAN Cert, this specifically is recommended to get around this problem, 
> and is best practice for Exchange 2007.
> 
> http://msexchangeteam.com/archive/2007/02/19/435472.aspx
> 
> Oliver
date: Fri, 6 Jun 2008 07:20:01 -0700   author:   BigDude
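
On the question of confirming that a certificate has the right properties: the name check a TLS client performs can be reproduced offline, as in this added example, which is not part of the thread or of any Exchange tooling. It assumes placeholder host names under example.co.uk (`email` for the external alias, `server01` for the physical server) and constructed certificate data in the dict layout returned by Python's `ssl.SSLSocket.getpeercert()`.

```python
# Added example: host names and certificate dicts are constructed placeholders.
# The dict layout follows what Python's ssl.SSLSocket.getpeercert() returns.

def dns_identities(cert):
    """Names a client checks, per RFC 2818: the SAN dNSName entries if any
    exist, otherwise the subject common name."""
    sans = [v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans
    return [v.lower() for rdn in cert.get("subject", ())
            for k, v in rdn if k == "commonName"]


def matches(pattern, host):
    """Exact match, or a '*.' wildcard covering exactly one leftmost label."""
    host = host.lower().rstrip(".")
    if pattern.startswith("*."):
        head, _, tail = host.partition(".")
        return bool(head) and tail == pattern[2:]
    return pattern == host


def uncovered(cert, required_hosts):
    """Return the required hosts that the certificate does not cover."""
    ids = dns_identities(cert)
    return [h for h in required_hosts if not any(matches(p, h) for p in ids)]


# Names the clients in this scenario connect to (placeholders).
REQUIRED = ["email.example.co.uk", "server01.example.co.uk"]

ALIAS_CN = ((("commonName", "email.example.co.uk"),),)
# Single-name certificate: only the external alias, as in the original post.
SINGLE_NAME = {"subject": ALIAS_CN}
# SAN certificate listing both the alias and the physical server name.
SAN_CERT = {"subject": ALIAS_CN,
            "subjectAltName": (("DNS", "email.example.co.uk"),
                               ("DNS", "server01.example.co.uk"))}
# Edge case: the CN holds the server name, but a SAN list exists and omits it.
CN_IGNORED = {"subject": ((("commonName", "server01.example.co.uk"),),),
              "subjectAltName": (("DNS", "email.example.co.uk"),)}

if __name__ == "__main__":
    for label, cert in (("single-name", SINGLE_NAME), ("SAN", SAN_CERT),
                        ("CN ignored", CN_IGNORED)):
        print(label, "missing:", uncovered(cert, REQUIRED) or "none")
```

The third case is the one that tends to surprise: once a certificate carries any SAN DNS entries, a name that appears only in the common name no longer counts.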
