Re: Multiple SSL Certificates for OWA?

From: "PL" <syplai@xxxxxxxxxxxx(autodeletejunkemails)>
Date: Fri, 6 Apr 2007 14:58:25 +0800

Configure a separate site on the OWA server. Each site can use one and
only one SSL cert. You can't have 2 SSL certs in one site. In addition,
each IP can only be assigned to one SSL sites. That means, your server
needs to have 2 IPs. One IP is linked to the Internet
gateway/router/firewall and you connect to it using mail.domain.com. The
other IP is used internally and you connect to it using server.domain.com.
1. Add an additional IP on your network card
2. Use IIS to create a new site based on the new IP
3. Install the corresponding SSL cert on the new site to enable SSL
4. Update the internal DNS/WINS server to resolve correct names to the 2
IPs.
5. Use ESM to extend the new site for use by OWA

OR

Configure a valid SSL certificate that supports Subject Alternate Names. If
you are using internal Win2k/2k3 CA:
1. On your internal CA, use command prompt to run: certutil -setreg
policy\editflags +EDITF_ATTRIBUTESUBJECTALTNAME2
2. On the web server, use http://yourcertserver/certsrv to request a new Web
Server Certificate. Before you submit the request, add the following string
to the "Attributes" textbox:
"SAN:DNS=mail.domain.com&DNS=server.domain.com&DNS=SERVER".
3. Install the cert and use it in IIS.

--
PL

I have setup OWA on our only Exchange system in our organization (Exchange
2003). I created and installed a SSL certificate to the OWA sithe (the
default web site in IIS), and it works fine when accessing OWA from

outside

our network, i.e. https://mail.domain.com/exchange. However, when someone
tries to access the OWA from INSIDE our network, i.e.
https://server.domain.com/exchange, we get a certificate warning. I have
tried to find information on how to install a 2nd certificate, and I am

not

even sure if it can be done.

Thanks in advance,
Brian

References:
- Multiple SSL Certificates for OWA?
  - From: Brian

Prev by Date: Re: New server setup....
Next by Date: Exchange on DC
Previous by thread: Re: Multiple SSL Certificates for OWA?
Next by thread: Re: Have Exchange 2003 on Win2K... Want to move to Win2K3 box
Index(es):
- Date
- Thread

Relevant Pages

Is there any way to manually install OWA under an already existing web site?
... We have several websites running on a Windows 2003 Server. ... under this web site and enforce SSL connections to those directories. ... We have tried using Exchange 2003 System Administrator to set up OWA, ...
(microsoft.public.exchange2000.setup.installation)
Is there any way to manually install OWA under an already existing web site?
... We have several websites running on a Windows 2003 Server. ... under this web site and enforce SSL connections to those directories. ... We have tried using Exchange 2003 System Administrator to set up OWA, ...
(microsoft.public.exchange2000.general)
Re: problem with OWA redirection Exch 2k7
... This is loaded on Win2k3 server and I allow SSL ... through the firewall to this exchange 2007 server for OWA, ... The problem is when I implement the first proceedure listed, the redirect ...
(microsoft.public.exchange.admin)
Re: Questions about password policies
... Unable to Change Password Using OWA ... How to enable password change functionality for Microsoft Exchange Server ... In order to do so you must first configure your server to use SSL. ... object), expand Web Sites, and then expand Default Web Site. ...
(microsoft.public.windows.server.sbs)
Re: OWA 2003 and SSLv2 Security Vulnerability
... Exchange 2003 Enterprise with an OWA server in the DMZ. ... This SSL service supports SSLv2 connections. ... Microsoft Knowledge Base article to remove SSLv2 support from ...
(microsoft.public.exchange.admin)