Re: Self certified SSL on SBS 2003 for a very small office...

On Nov 13, 2:09 pm, "Lanwench [MVP - Exchange]"
<lanwe...@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
magelan <mage...@xxxxxxxxxxxxxx> wrote:
On 12 Nov, 13:50, "Lanwench [MVP - Exchange]"
<lanwe...@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
magelan <mage...@xxxxxxxxxxxxxx> wrote:
Hi All!

Ashamed to admit but whilst I seem to be quite pro in hardware and
troubleshooting, the SSL subject is somewhat a mystery for me...
Never afraid to ask I need help... Plz...

The situation is as follows:

SBS 2003 server behind a Draytek router modem (DHCP enabled,

I'd turn that off & use your SBS server for DHCP if you want
everything to worksmoothly (dynamic DNS updates from your
LAN-connected machines). Additionally, unless you're using ISA, I'd
recommend you get a firewall appliance that can do more than just
basic NAT & filtering - something that can do logging, alerting,
etc. I personally like Sonicwalls for the small business market, but
there are many other options.

Touch wood I have not had any penetration problems yet with my Draytek
firewall. I use logging feature that sends all data from the router to
the server and it is kept there.

Sure, your call. But it isn't providing you much protection, I fear.


Hmm... I wonder if I can test it somehow... Will explore
further......:)




server -
fixed IP, ports locked down and are opened when needed by me). ISP
keeps a fixed public IP address for me. The server is used as a
basic file and Exchange server for 3 LAN computers. I have a free
DNS name in a format "XX.serveftp.com" pointing to my fixed IP
address for convenience of not having to remember the actual IP
number...

Do you not have a registered domain name? If not, you might register
one & start using it. Life is a lot easier. And you could use
whatever.mydomain.com - and use @mydomain.com for your email.

I have a domain name

Then you don't need to use xx.serveftp.com - set up an A record in your own
domain.

Somehow this absolutely obvious answer had never occured to me... 8-|


and my email is handled by the hosting company.

Why not handle it yourself?

My server up time is not as good as theirs and they host my website
too...




I have a notorious Nokia E61 which I did not manage to work on VPN
(Nokia's greed but that's not the question any more). My only way to
sync my phone is to use an SSL certificate.

I have tried to follow guides

Don't follow any guides that aren't SBS specific.

to create a self-certified SSL
certificate and managed to install it on both Server and my Nokia
but keep getting errors that SSL certificate received from the
server is not truested or invalid. When I tried to go the the
HTTPS:// on the server I also get the error that the certificate is
untrusted (fine I choose to trust it) and then the actual page also
fails saying that there is a certificate error.

I'm not sure if during the certificalte creation process in the area
when I have to put the DNS name I need to put my fixed IP number or
the free DNS name "XX.serveftp.com"?

If I can't get the self-certificate SSL to work I am ready to get a
cheap commercial SSL but still all of them seem to be designed for a
website (which I don't have or need). Or am I missing the point due
to my lack of SSL knowledge?

Did you run the CEICW and choose the SSL cert name xx.serveftp.com ?
Do so, if you haven't....

Then, here's what I usually do -

Open OWA using IE on your server or LAN-connected computer
Double click on the "lock"
In the certificate properties, click Details
Click Copy to File...and click Next
In the file format, choose DER encoded binary x.590 (.cer)
Save it somewhere safe & accessible on your network, naming it
something logical

I have no idea how you'll get this on your Symbian Nokia, though.

Did you check out RoadSync (www.dataviz.com)?ForSymbian devices,
and Palm
OS devices, this works very well with Exchange Activesync.- Hide
quoted text -

- Show quoted text -


.

Relevant Pages

  • RE: SSL MITM not on port 443
    ... Have you ever done what you're trying to do on a "normal" SSL web ... My recommendation would be to set up a web server in your lab ... hopes that the client will accept that certificate. ... SSL MITM not on port 443 ...
    (Pen-Test)
  • Re: OWA 2003 w/ Smart Card Authentication.
    ... Exchange 2003 server via ActivSync. ... the IIS certificate. ... Whether or not authentication will succeed is completely dictated by ... Server's SSL certificate must be configured on root of v-server via ...
    (microsoft.public.exchange.connectivity)
  • Re: OWA 2003 w/ Smart Card Authentication.
    ... Exchange 2003 server via ActivSync. ... the IIS certificate. ... Whether or not authentication will succeed is completely dictated by ... Server's SSL certificate must be configured on root of v-server via ...
    (microsoft.public.exchange.connectivity)
  • Re: Domain Controllers Cant reach Default Gateway...
    ... DNS it was missing the CNAME entry with the GUID for the other ... If a BIND server is being used, the design would be based on what ... One of them has Certificate ... Because the XP laptop wouldn't get the root certificate on it's own I ...
    (microsoft.public.win2000.active_directory)
  • Re: "Could not connect to server" error when accessing Outlook 200
    ... Perhaps when you connect via RDP, you have to use SSL. ... The server you are connected to is using a security certificate ... A certificate chain processed, but terminated in a root certificate which is ... Settings on the Advanced tab. ...
    (microsoft.public.outlook.installation)
Quantcast