Re: CEICW after loading third party certificate



No change in error. After revoking the old certificate that had a mismatched
address, I see the new one has the same issue.
--
Regards,
Jamie


"SuperGumby [SBS MVP]" wrote:

the SOA for the public DNS domain has _very little_ to do with anything and
in the great majority of cases _IS NOT_ an SBS.

pick a name that you wish to access your server by. It doesn't matter if it
is in your company domain (eg. server.company.com) or outside this (eg
server.some_other_domain.whatever), you are simply pointing a name (any
name) to your public IP.

"thejamie" <thejamie@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:BEF12C6B-FFDF-43F4-89F3-0EE87714FFC1@xxxxxxxxxxxxxxxx
IF I understand this correctly...

Assuming the SOA (Start of Authority) is MyServer.MyDomain.com, I would
request a certificate called by the same name,

or put another way,

if the name of my server were REMOTE as in log into
\\REMOTE\Users\MyLogin,
then the common name should be remote.mydomain.com.

Taking yet another approach, if the website name is Remote, then the
appropriate common name would also be remote.mydomain.com.

Either way, the ability to verify with an SSL certificate should work.
Furthermore, avoid publishing.mydomain.com because that one is part of the
way that ISA 2004 is set up.
--
Regards,
Jamie


"SuperGumby [SBS MVP]" wrote:

the actual choice of name doesn't much matter and there's a couple of
choices that can work, depending on how much you want to spend.

simplest: Choose a name for the server and get a cert with that name. The
use of mail.whatever is common for mail servers but not a necessity, and
IMHO not appropriate for SBS as it gives SO MUCH more than simply mail.
remote.etc or location.etc work for me.

harder and more expensive: get multiple certs that apply to each name you
wish to address the server by. mail.etc gets a cert, as does remote.etc, and
each cert is linked to only those functions it serves.

easy but most expensive cert: wildcard cert, the one cert serves all
functions but various functions are accessed using different names.

"thejamie" <thejamie@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:0C22E9E9-9171-4598-821A-34E2C43DDA0B@xxxxxxxxxxxxxxxx
Robbin,
I put this on a back burner but am at it again. There are two explanatory
web sites online that still exist for SBS 2003:

http://www.smallbizserver.net/Articles/tabid/266/articleType/ArticleView/ArticleID/283/PageID/470/Default.aspx

and

http://blogs.technet.com/sbs/archive/2007/08/21/how-to-install-a-public-3rd-party-ssl-certificate-on-iis-on-sbs-2003.aspx

The first suggests the use of remote.company.com (as in remote web) and the
second mail.company.com (as in exchange web and also will match the MX
record). These don't seem like random choices, so I am hoping someone might
be able to explain why they chose that particular combination.
--
Regards,
Jamie


""Robbin Meng [MSFT]"" wrote:


Hello Jamie,

Thanks for your detailed response.

First, does OWA work internally when using an internal client to access it?
And the RWW website?

Regarding the KB328917, it is for ISA 2000 not directly for ISA 2004, so
there are some differences in the instructions. I am looking for the
instructions for configuring Web Proxy Client. Web proxy clients can
authenticate with the ISA Firewall, in contrast to SecureNET clients, which
cannot authenticate with the ISA Firewall.

Moreover, have you tried re-running CEICW and, instead of choosing the
Godaddy cert, using the SBS self assigned cert? On the "Web Server
Certificate" page, choose "Create a new Web server certificate" and key in
your public domain name in the box. Do the OWA, RWW etc. websites work then?

By the way, I suggest you download and install the ISA server 2004 SP3 on
the SBS 2003 server and then check how it works.

ISA Server 2004 Service Packs
http://technet.microsoft.com/en-us/forefront/edgesecurity/bb734832.aspx

Thanks for your time.


Best regards,
Robbin Meng(MSFT)
Microsoft Online Newsgroup Support
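
The three certificate options described in this thread, worked through as an added example (not code from any poster): a simplified host-name match that shows which access names each option covers. The names remote.mydomain.com, mail.mydomain.com and REMOTE are constructed from the thread's placeholders, and the wildcard rule assumed here is the common one where `*` stands for exactly one left-most label.

```python
# Added example: matching certificate names against the names clients type.
# All host names below are constructed from the placeholders in the thread.

def name_matches(cert_name: str, host: str) -> bool:
    """True if one certificate name covers the host name the client typed.

    Simplified rule set (assumption): case-insensitive, whole-label wildcard
    in the left-most position only, standing for exactly one label.
    """
    c = cert_name.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(c) != len(h):
        return False                          # "*" never spans or drops a label
    if c[0] == "*":
        return len(c) > 2 and c[1:] == h[1:]  # refuse "*.com"-style names
    return c == h


def coverage(cert_names, access_names):
    """Map each access name to the certificate name covering it, or None."""
    return {
        host: next((n for n in cert_names if name_matches(n, host)), None)
        for host in access_names
    }


# Names a user might type: two public names and the internal short name.
ACCESS = ["remote.mydomain.com", "mail.mydomain.com", "REMOTE"]

# The three options from the thread, modelled as the set of names on offer.
OPTIONS = {
    "single name": ["remote.mydomain.com"],
    "one cert per name": ["remote.mydomain.com", "mail.mydomain.com"],
    "wildcard": ["*.mydomain.com"],
}

if __name__ == "__main__":
    for label, names in OPTIONS.items():
        print(label)
        for host, hit in coverage(names, ACCESS).items():
            print(f"  {host:22} -> {hit or 'NAME MISMATCH'}")
```

A `None` result is the condition a browser reports as a name mismatch: the certificate is valid but was issued for a different name than the one used to reach the server.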








