Re: Problems setting up SSL on Exchange 2003 Front End server

We're almost there! I've got as far as the "Submit a certificate request"
stage but when I try and go to http://<webserver>/CertSrv/ I'm just getting
a page can not be displayed error. I'm assuming I'm supposed to be going to
a webpage on my CA server? I've checked IIS on the CA Server and as far as I
can see there are no pages under the "Default Web Site". Does this mean the
CA hasn't been installed properly?? If we're getting a bit far away from
Exchange questions now please let me know and I'll post in the IIS
newsgroup.

Thanks again for you on-going help!

Curtis.

--
"Bharat Suneja [MVP]" <bharatsuneja@xxxxxxxxxxx> wrote in message
news:%23tQvdPlWGHA.3660@xxxxxxxxxxxxxxxxxxxxxxx
This should help.
http://support.microsoft.com/default.aspx?scid=kb;en-us;299875

--
Bharat Suneja
MVP - Exchange
www.zenprise.com
blog: www.suneja.com/blog
-----------------------------------------


"Curtis Fray" <xxx@xxxxxxx> wrote in message
news:ul5B2$kWGHA.1200@xxxxxxxxxxxxxxxxxxxxxxx
If you have time, would you mind giving me instructions on how to do
this? My certificate knoweldge is fairly minimal.

Thanks,

Curtis.

--
"Bharat Suneja [MVP]" <bharatsuneja@xxxxxxxxxxx> wrote in message
news:O33Ks0kWGHA.1204@xxxxxxxxxxxxxxxxxxxxxxx
What you saw was a self-signed cert issued by SSLDiag. This allowed you
to quickly isolate the problem to the certificate itself and once that
was changed by SSLDiag SSL worked.

You can delete the old certificate and revoke it from your CA. Then
submit a new cert req.
--
Bharat Suneja
MVP - Exchange
www.zenprise.com
blog: www.suneja.com/blog
-----------------------------------------


"Curtis Fray" <xxx@xxxxxxx> wrote in message
news:%23ndR%23akWGHA.1352@xxxxxxxxxxxxxxxxxxxxxxx
One other question, I've noticed the certificate its picked up has been
issued by the Exchange FE server itself. It doesn't seem to have picked
one up from the actual CA in the forest root. And the one had has
issued itself is only valid for seven days.

Do you have any ideas how can get a certificate from the CA server
itself? Or move the self-generated one to the CA?

Thanks,

Curtis.

--
"Curtis Fray" <xxx@xxxxxxx> wrote in message
news:OfQfbYkWGHA.2080@xxxxxxxxxxxxxxxxxxxxxxx
Hi Bharat,

Thanks for the quick reply. That's managed to fix my problem. It
flagged up an error about the certificate. I just right clicked the
error and selected "Create New Cert" and it sorted itself out. Not
sure exactly what was wrong but it's all ok now.

Thanks again!!

Curtis.

--
"Bharat Suneja [MVP]" <bharatsuneja@xxxxxxxxxxx> wrote in message
news:OgzlIIkWGHA.5012@xxxxxxxxxxxxxxxxxxxxxxx
Run SSLDiag
http://www.microsoft.com/downloads/details.aspx?FamilyID=cabea1d0-5a10-41bc-83d4-06c814265282&displaylang=en


--
Bharat Suneja
MVP - Exchange
www.zenprise.com
blog: www.suneja.com/blog
-----------------------------------------


"Curtis Fray" <xxx@xxxxxxx> wrote in message
news:u%23YSx0jWGHA.3492@xxxxxxxxxxxxxxxxxxxxxxx
Hi,

I've had a 2-node 2003 cluster running for a while now. I'm just in
the process of setting up a FE server for this. I've installed it
and got it running, and all looks ok, but now I've come to setting
up SSL I'm running into problems.

I have installed a an Enterprise Root CA on a server in the forest
root. The Exchange servers are all running in the sub-domain of
this. I've followed the instructions found on this website:
http://tinyurl.com/4xa74

All seems to go well up until step 14 of the section called
"Creating the Certificate Request". I get the "Certificate Request
Submission" as it says I should, and on clicking Next I get a screen
informing me I've successfully completed the wizard and the
certificate is now installed on this server. However, if I then Edit
the Secure Communications I found it hadn't automatically ticked the
SSL and Require 128-bit encryption boxes. If I tick those manually
and try and access the OWA site by going to the http:// address I do
get a message saying it's secured by SSL. But if I try and go to the
https:// address I simply get a page cannot be displayed error.
Incidently, if I remove the Require SSL option I can access OWA over
http.

I've also noticed under the Directory Security tab where I set this
up, the "View Certificate" box is greyed out. Does this mean the
certificate itself hasn't been installed correctly?

Thanks in advance,

Curtis.
--
Please reply to news group only. Thank you.















.

Relevant Pages

  • Re: Outlook 2003 - RPC over HTTP
    ... have you applied SP1 for Exchange 2003? ... configure the RPC Proxy server to use the specified default ports for RPC ... >> I need a SSL certificate and we plan to use our own CA to issue the ... >> certificates and therefore, I have installed certificate services on the ...
    (microsoft.public.outlook.general)
  • RE: SBS2003 R2 Exchange issue
    ... Although SBS can import Certificate by running the CEICW wizard, ... Click to clear the Require secure channel (SSL) check box. ... Restart Exchange System Manager. ... On the SBS 2003 Server open the Server Management console. ...
    (microsoft.public.windows.server.sbs)
  • RE: SSL MITM not on port 443
    ... Have you ever done what you're trying to do on a "normal" SSL web ... My recommendation would be to set up a web server in your lab ... hopes that the client will accept that certificate. ... SSL MITM not on port 443 ...
    (Pen-Test)
  • Re: Cant access OWA on New Front-End Server
    ... Did you remove the certificate from the back-end server? ... I double checked IIS SSL settings. ... MVP - Exchange ...
    (microsoft.public.exchange.setup)
  • Re: OWA 2003 w/ Smart Card Authentication.
    ... Exchange 2003 server via ActivSync. ... the IIS certificate. ... Whether or not authentication will succeed is completely dictated by ... Server's SSL certificate must be configured on root of v-server via ...
    (microsoft.public.exchange.connectivity)
Loading