Re: W2K3 URL to CA cannot verified!?

From: Mark Renoden [MSFT] (markreno_at_online.microsoft.com)
Date: 02/27/05


Date: Mon, 28 Feb 2005 08:41:59 +1100

Hi Alex

It sounds like the clients don't have the root CA certificate in their
trusted root authority store. It works internally because this is published
to the directory and internal clients automatically received the
certificate.

When external clients connect and see the OWA certificate, they need to
validate it by looking at which CA issued the certificate and then checking
to see if they have that CA in their trusted root authority store. You can
get this to the clients by exporting it from the CA and then installing it
to the external clients or if the CA has the web component installed and
working, browse to the certificate services web site (you'll need to publish
this externally) and request the CA certificate.

HTH

-- 
Mark Renoden [MSFT]
Windows Platform Support Team
Email: markreno@online.microsoft.com
Please note you'll need to strip ".online" from my email address to email 
me; I'll post a response back to the group.
This posting is provided "AS IS" with no warranties, and confers no rights.

"alex" <ntnewsNO@SPAM.hrz3.hrz.tu-darmstadt.de> wrote in message 
news:%23pCuwHFHFHA.1172@TK2MSFTNGP12.phx.gbl...
> hi
>
> there is a small install or initial config fault, but i cannot find a 
> solution :-(
>
> 1. i have installed organisation cert services on a machine in our 
> internal network. this machine has an internal name 
> "server1.company.local".
> 2. configured with the wizard...
> 3. reconfigured the download location to the external internet name, 
> removed everything except http download location
> 4. recreated the CA cert for updating the URLs
> 5. then i have two certs listed in the CA cert list (don't know why - i 
> only need one!)
> 6. created a cert for some services on this machine with the external 
> internet name. like owa.companydomain.de , smtp.companydomain.de and so on
> 7. now if i access this OWA site the cert warning comes up. this is ok... 
> but the cert cannot be verified to the CA...
>
> if i'm doing this internally it works and it looks finally like the internal 
> machine name is used for this path!???
>
> if i issue a cert to the CA there is the internal name displayed followed 
> by the CA Name i have configured! i'm sure this is the source of my 
> problem... but finally i don't know in what setup step i can configure 
> this!??
>
>
> Regards
> Alex
> 
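
The trust check described in the reply above, as an added example that is not part of the original thread: the same server certificate validates for a client that holds the issuing root and fails for one that does not, until the root is installed. It uses OpenSSL with per-client PEM bundles as a stand-in for the Windows trusted root store; the CA names, client names and file layout are constructed for the demo.

```shell
#!/bin/sh
# Constructed demo: all keys, certificates and names below are generated locally.
WORK=$(mktemp -d)

# make_root <ca>: create a self-signed root CA certificate and key.
make_root() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$1" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.crt" 2>/dev/null
}

# issue_leaf <ca> <host>: issue a server certificate for <host> signed by <ca>.
issue_leaf() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$WORK/$2.key" -out "$WORK/$2.csr" 2>/dev/null &&
    openssl x509 -req -in "$WORK/$2.csr" -days 30 -CA "$WORK/$1.crt" \
        -CAkey "$WORK/$1.key" -CAcreateserial -out "$WORK/$2.crt" 2>/dev/null
}

# trust_root <client> <ca>: add the CA certificate to that client's trusted roots.
trust_root() {
    cat "$WORK/$2.crt" >> "$WORK/$1.roots.pem"
}

# client_validates <client> <host>: succeed only if the server certificate
# chains to a root in the client's trusted-root bundle.
client_validates() {
    openssl verify -CAfile "$WORK/$1.roots.pem" "$WORK/$2.crt" 2>/dev/null |
        grep -q ': OK$'
}

make_root company-root-ca      # stands in for the internal CA
make_root other-root-ca        # a root the external client already trusts
issue_leaf company-root-ca owa.companydomain.de

trust_root internal company-root-ca   # internal clients got the root from the directory
trust_root external other-root-ca     # external client has never seen the company root

for c in internal external; do
    if client_validates "$c" owa.companydomain.de; then echo "$c: chain trusted"
    else echo "$c: issuer not in trusted roots"; fi
done

trust_root external company-root-ca   # the fix: install the exported root on the client
client_validates external owa.companydomain.de && echo "external: chain trusted after import"
```

Only the CA certificate is copied to the client; the CA's private key never leaves the CA.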

