Re: OWA and RPC over HTTP

On Jan 28, 10:14 pm, "Bryan Nyce" <bryan_n...@xxxxxxxxxxx> wrote:
"Joe4500" <jd...@xxxxxxxxxxxx> wrote in message
news:c23de5ef-9a28-41bf-9a2f-ffd4ea48381b@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

This is sort of a multi question thread here but I will try to be
brief:

We currently have 2 servers sharing an external IP, with port
forwarding on the firewall that allows SMTP traffic and http(s)
traffic to be forwarded onto our Exchange server 2003.  Internally,
OWA is enabled to a private domain, but for remote users, they
navigate to a sub domain of our web page (hosted by a third party)
which redirects them to our public IP to access OWA.

So, question 1, is it possible to have two certificates on our CA so
that people checking mail from inside AND outside get a valid
certificate?  Currently, those using OWA from outside get an invalid
cert error because it's been issued to our internal domain.

Question 2, is RPC over HTTP even possible in this scenario given that
we have no publicly available domain for our e-mail server?  Right
now, someone types in "http://mail.ourorganization.com" which
redirects them to our firewall, which in turn directs them to our
Exchange server.  If this is possible, will it ever work with an
invalid cert?

Hi Joe,

For question 1, you would need two separate websites to have two different
SSL certificates. Can you clarify what you mean by "invalid cert error" - do
you mean the name doesn't match the name on the site? Or that the
certificate is not trusted?

For question 2, RPC/HTTPS requires that the client trust the certificate
issued to the site, and that the name match the name of the site. So, the
SSL cert would need to match "mail.ourorganization.com"

Bryan

Bryan,

Yes, it was the name matching problem. The current cert is for our
internal address. I've tried to do what you've said but I keep
running into problems with the site configuration using the OWA data.
I can log in, but the messages in the reading pane won't show (page not
found error). I'm sure it will just take some time and tinkering to
eventually get it to function properly.
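
Added example, not part of the thread: the certificate name check Bryan describes for OWA and RPC/HTTPS, run over two constructed certificates in the dict shape that Python's `ssl` `getpeercert()` returns. `exch01.corp.example` is a made-up stand-in for the internal server name; whether the issuing CA is trusted is a separate check and is not modelled here.

```python
# Added example: constructed certificates, not taken from the thread.
# exch01.corp.example is a hypothetical internal name.

def cert_dns_names(cert):
    """Names a client compares against: SAN dNSName entries, or the
    subject CN only when the certificate carries no dNSName at all."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans
    return [v for rdn in cert.get("subject", ()) for k, v in rdn
            if k == "commonName"]

def name_matches(pattern, host):
    """Case-insensitive match; '*' is honoured only as the whole leftmost
    label of a name with at least three labels, and covers one label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*" and len(p) > 2:
        return p[1:] == h[1:] and h[0] != ""
    return p == h

def check_host(cert, host):
    """Return (ok, names_on_cert) for the name the client typed."""
    names = cert_dns_names(cert)
    return any(name_matches(n, host) for n in names), names

# Certificate issued to the internal name only (the situation in the thread).
INTERNAL_CERT = {"subject": ((("commonName", "exch01.corp.example"),),)}
# Certificate issued to the public name that remote users type.
EXTERNAL_CERT = {
    "subject": ((("commonName", "mail.ourorganization.com"),),),
    "subjectAltName": (("DNS", "mail.ourorganization.com"),),
}

if __name__ == "__main__":
    for label, cert in (("internal", INTERNAL_CERT), ("external", EXTERNAL_CERT)):
        for host in ("exch01.corp.example", "mail.ourorganization.com"):
            ok, names = check_host(cert, host)
            verdict = "match" if ok else "NAME MISMATCH"
            print(f"{label} cert {names} vs {host}: {verdict}")
```
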