Re: Firewall & Certificates & Outlook over HTTP

From: Leythos <void@xxxxxxxxxxx>
Date: Sat, 29 Sep 2007 13:03:34 -0400

In article <efymsxqAIHA.4752@xxxxxxxxxxxxxxxxxxxx>,
microtalk@xxxxxxxxxxx says...

We are having problems getting self signed certificates to work, when we
connect to the SBS box with server.domain.com/remote and install the
certificate it seems to work OK but when we go to the site again it says
there is a mismatch and the users can't get emails using Outlook over HTTP.
When I view the certificate it is issued by mydomain.com whereas other
successful certificates are issued by server.mydomain.com.

We have a SBS 2003 Standard server and a Windows 2003 Standard server as a
Terminal Server with a Netgear firewall router. I have opened the necessary
ports on the firewall and used port forwarding to direct the different
services to the SBS or Terminal Server systems and everything is working
except for the certificates and therefore Outlook over HTTP.

Is it mandatory to use the 2 NIC configuration to use self signed
certificates or can I get it to work with the router?

Your cert should be created with the SAME public name as you are using
to connect to it with. By default the wizards don't do this, you have to
manually tell it what FQDN you want to use.

As an example, we use office.ourcompany.com for every customer (replace
OURCOMPANY with your public name), and the cert is also
office.ourcompany.com - we make sure there is a public DNS record for
office.ourcompany.com and we even create an INTERNAL DNS record for
office.ourcompany.com so that everything works in/out.

--

Leythos
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
drug dealer an "unlicensed pharmacist"
spam999free@xxxxxxxxxx (remove 999 for proper email address)
.

References:
- Firewall & Certificates & Outlook over HTTP
  - From: Chris

Prev by Date: Re: Vista Fax and Scan nightmares
Next by Date: Re: RWW Setup Problem
Previous by thread: Re: Firewall & Certificates & Outlook over HTTP
Index(es):
- Date
- Thread

Relevant Pages

Re: Setting up Push Mail in SBS 2003
... there are problems with the SSL certificates. ... Generally the first hits you'll get in Google will be SSL cert related. ... Outlook Mobile access on SBS 2003. ...
(microsoft.public.windows.server.sbs)
Re: Trying to setup Activesync now cant access /exchange or /remote
... and then either double-click Certificates or click Certificates ... Microsoft CSS Online Newsgroup Support ... This newsgroup only focuses on SBS technical issues. ...
(microsoft.public.windows.server.sbs)
Re: VPN, SBS goals
... digital certificates for various purposes. ... the setup at the SBS end is made using the Internet Connection Wizard, ... There's absolutely no need for any aspect of the external domain to ... though it is usual for SBS to be the mail server. ...
(microsoft.public.windows.server.sbs)
Re: I need your SBS placement advice. And access problems question
... I will use an edge firewall simply because it will offload some of the hits to ISA on SBS and it will only have to concentrate on the few ports open to it. ... Another reason for a separate machine, particularly one running iptables, is that you have a location for troubleshooting that is outside SBS but does not involve the Internet, so you can test ISA rules easily. ... Something you may not know is that the SBS web services can be configured to require client certificates, where you export the users' client certificates to the remote browsers. ...
(microsoft.public.windows.server.sbs)
Re: Simulate Internet Access to SBS R2 in Virtual Server R2?
... However, if you publish RWW to the web, and a client comes in from the web ... mileage from other security measures besides certificates (but I will ... to understand how self-signed certificates work in SBS. ...
(microsoft.public.windows.server.sbs)