Re: E2K7, ActiveSync and SSL

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

Yes - make sure the certificate subject name matches the external fqdn and the devices trust the CA.

--
Bharat Suneja
Microsoft Corporation
----------------------------------
This posting is provided "AS IS" with no warranties, and confers no
rights. Please do not send email directly to this alias. This alias is for
newsgroup purposes only.


"Strunk" <Strunk@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:19F5EAD5-AE73-4B34-B14E-522DF5839BD0@xxxxxxxxxxxxxxxx
So you are saying that it is possible to get this setup to work as
long as i get the SSL certifikat right ?.

--
/Strunk


"Bharat Suneja [MSFT]" wrote:

So it's simply passing on inbound HTTPS traffic.
The URL used to access it from outside should be used in the subject name of
the cert.
Generally, if you're using the same web site to access OWA as well - you can
use the same URL (and certificate) to access EAS as well.

--
Bharat Suneja
Microsoft Corporation
------------------------
This posting is provided "AS IS" with no warranties, and confers no
rights. Please do not send email directly to this alias. This alias is for
newsgroup purposes only.


"Strunk" <Strunk@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:6BAFA97E-A2EC-47CC-A818-19D3202C1927@xxxxxxxxxxxxxxxx
> I'm using a Symantec Security gateway 5640 appliance box.
> As far as i know it don't operate on the application layer like
> ISA can.
> I can't install a certificate on the appliance box.
>
> -- > /Strunk
>
>
> "Bharat Suneja [MSFT]" wrote:
>
>> What firewall are you using? Does it look at the application layer >> (like
>> ISA)? Do you need to install a certificate on firewall/appliance (as >> you
>> need to if you're using ISA)?
>>
>> -- >> Bharat Suneja
>> Microsoft Corporation
>> ------------------------
>> This posting is provided "AS IS" with no warranties, and confers no
>> rights. Please do not send email directly to this alias. This alias is
>> for
>> newsgroup purposes only.
>>
>>
>> "Strunk" <Strunk@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
>> news:CEE07626-E20D-4C9B-957D-284B711C9F71@xxxxxxxxxxxxxxxx
>> > Hello All,
>> >
>> > I have a ?.
>> > I currently have a CAS server setup on our LAN with the internal >> > URL:
>> > https://cas1.mydomain.local/Microsoft-Server-ActiveSync
>> >
>> > As that URL can not be used from the Internet i would like our >> > mobile
>> > devices to use https://mobile.domain.com/Microsoft-Server-ActiveSync
>> > for
>> > access to the ActiveSync. Our Firewall would then handle the ip
>> > translation
>> > (not an ISA server) and redirect the
>> > https://mobile.domain.com/Microsoft-Server-ActiveSync
>> > to the internal URL
>> > https://cas1.mydomain.local/Microsoft-Server-ActiveSync.
>> >
>> > Would that be possible and which URL should be used for the SSL >> > cert.
>> > ???
>> >
>> > If possible could someone point me in the right direction for >> > setting
>> > this
>> > up ?.
>> >
>> > -- >> > /Strunk
>>
>>



.

Relevant Pages

  • Re: E2K7, ActiveSync and SSL
    ... long as i get the SSL certifikat right ?. ... Please do not send email directly to this alias. ... ISA can. ... I can't install a certificate on the appliance box. ...
    (microsoft.public.exchange.setup)
  • Re: SharePoint 3.0: problems with external access
    ... Here are the steps to publish a WSS 3.0 application behind ISA Server. ... Let's assume that you created a new WSS 3.0 application, that listens to port 80, and the host header is 'Intranet'. ... Go to IIS Manager and make sure that the IP address of the site is set to the IP address of the server. ... Run the wizard to create a new SSL certificate for the site. ...
    (microsoft.public.windows.server.sbs)
  • Re: SharePoint 3.0: problems with external access
    ... In one of the tabs of the publishing rule there is an option to set that the requests come from the client and not from the ISA computer. ... Do you have an email address you can post for me to send you some screen shots of my ISA rule and Web Certificate for you to look at. ... When it comes down to selecting the Web Listener, create a new one, using the certificate you just created at port 8889. ... Click on delete pending request and then start the wizard again. ...
    (microsoft.public.windows.server.sbs)
  • Re: Adding EXCH2007 SP1 box to existing EXCH2003 SP2 Org
    ... Certificates - going to be using a SAN Certificate like I have many times before. ... We are making this a virtual server (someone is going on-site on Thursday to install VMWare (which will kill everything on this box) and WIN2008 Server SP1 x64 and then I will install EXCH2007 SP1. ... as mentioned - ISA was not involved in any of those eight environments.... ...
    (microsoft.public.exchange.admin)
  • Re: Adding EXCH2007 SP1 box to existing EXCH2003 SP2 Org
    ... Certificates - going to be using a SAN Certificate like I have many times before. ... If the Exchange 2007 box is hosting mailboxes, it won't work as a front-end equivalent. ... We are making this a virtual server and WIN2008 Server SP1 x64 and then I will install EXCH2007 SP1. ... as mentioned - ISA was not involved in any of those eight environments.... ...
    (microsoft.public.exchange.admin)