OWA only works with server name...
- When I access, on the server, https://servername/owa I get the login page without error.
- When I access, on the server, https://localhost/owa I get a certificate error.
Error message:
"The security certificate presented by this website was issued for a different website's address.
Security certificate problems may indicate an attempt to fool you or intercept any data you send to the server.
We recommend that you close this webpage and do not continue to this website."
If I select continue the login page is displayed and I am able to login successfully.
- For some reason localhost does not resolve from workstations.
SBS 2008, Exchange 2007
SSL cert issued through GoDaddy
The default website uses the mail.domainname.com certificate at the moment.
Because the localhost is not resolving without error, we are having issues with another key application.
Not sure what I need to change or correct?
Please advise, this is really causing a problem, your help is greatly appreciated.
James
Answers
You'll need to include the name of the localhost as a subject alternative name within the certificate or use a wildcard for the certificate subject name:
http://msexchangeteam.com/archive/2007/02/19/435472.aspx
Exchange 2007 lessons learned - generating a certificate with a 3rd party CA
http://msexchangeteam.com/archive/2007/07/02/445698.aspx
http://technet.microsoft.com/en-us/library/bb851505.aspx
You can go back to GoDaddy and ask to include that or you may need to generate/purchase a new cert.
- Proposed As Answer by Frank.WangMSFT, Moderator, Monday, November 02, 2009 6:20 AM
- Marked As Answer by Frank.WangMSFT, Moderator, Thursday, November 05, 2009 2:31 AM
- When I access, on the server, https://servername/owa I get the login page without error.
- When I access, on the server, https://localhost/owa I get a certificate error.
"The security certificate presented by this website was issued for a different website's address.
- For some reason localhost does not resolve from workstations.
the default website uses the mail.domainname.com certificate at the moment.
So, https://servername/owa and https://mail.domainname.com work without a certificate error. This means you've got a SAN / UC cert from GoDaddy. You can have up to five subject alternative names in your cert for the same price (if I remember well). Note: the subject name or issued to needs to be part of one of the five names in the SAN list.
So, to solve your first problem. Add localhost to the SAN-list. Take a look at the picture here:
Subject Alternative Names (SANs)
http://eu.globalsign.com/digital-certificate/options/sans-multi-domain-ssl.htm
DNS name = localhost
After you have imported and enabled this new cert for Exchange, you will not get any errors on your SBS box.
If your "another key application" runs on your SBS box, this will solve your problem. If it runs on a different server, it won't, at least not in the first place.
Localhost refers to the loop-back address of each individual machine. If you look at your hosts file in C:\Windows\System32\drivers\etc, you will see these two entries:
127.0.0.1 localhost
::1 localhost
The first entry is for IPv4, the second for IPv6. (Actually 16 777 216 addresses are set aside for this sole purpose).
On a different workstation or server localhost will not refer to your SBS box but to itself.
MCTS: Messaging | MCSE: S+M | Small Business Specialist
- Proposed As Answer by Frank.WangMSFT, Moderator, Monday, November 02, 2009 6:20 AM
- Marked As Answer by Frank.WangMSFT, Moderator, Thursday, November 05, 2009 2:31 AM
- Yes.
If by "localhost", you mean the actual name of the server, then add that.
If by "localhost", you mean the actual word "localhost", you'll need to add that as well.
But the word "Localhost" will only work if you are accessing it from that specific server because if you use that name from another host, it will access itself.
Hope that makes sense.
- Proposed As Answer by Frank.WangMSFT, Moderator, Tuesday, November 03, 2009 2:06 AM
- Marked As Answer by Frank.WangMSFT, Moderator, Thursday, November 05, 2009 2:31 AM
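The name check behind the certificate error discussed in the answers above, as an added example that is not part of the original thread: it matches each URL's host against a certificate's DNS SAN entries the way browsers do (exact match, or a wildcard standing for one left-most label). The SAN lists are constructed from the page's placeholder names, and the function names are hypothetical.

```python
# Added example: match a URL's host against a certificate's DNS
# subject alternative names (SANs), following RFC 6125 conventions.
from urllib.parse import urlsplit


def dns_name_matches(pattern: str, host: str) -> bool:
    """True if one SAN dNSName entry covers host (case-insensitive)."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = host.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False  # a wildcard stands for exactly one label
    if p_labels[0] == "*":
        # Wildcard only as the whole left-most label, and never for a
        # single-label name such as "localhost" or a bare server name.
        return len(p_labels) > 2 and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def check_urls(san_list, urls):
    """Map each URL to the SAN entry that covers its host, or None."""
    result = {}
    for url in urls:
        host = urlsplit(url).hostname
        result[url] = next(
            (san for san in san_list if dns_name_matches(san, host)), None
        )
    return result


# Constructed inputs built from the page's placeholder names.
URLS = [
    "https://servername/owa",
    "https://localhost/owa",
    "https://mail.domainname.com/owa",
]
CURRENT_SANS = ["mail.domainname.com", "servername"]  # assumed current cert
REISSUED_SANS = CURRENT_SANS + ["localhost"]          # after adding the SAN
WILDCARD_ONLY = ["*.domainname.com"]                  # wildcard subject only

if __name__ == "__main__":
    cases = [("current", CURRENT_SANS), ("reissued", REISSUED_SANS),
             ("wildcard", WILDCARD_ONLY)]
    for label, sans in cases:
        print(label, sans)
        for url, hit in check_urls(sans, URLS).items():
            status = f"OK via {hit}" if hit else "NAME MISMATCH"
            print(f"  {url:34} {status}")
```

A wildcard for the domain covers mail.domainname.com but neither the bare server name nor localhost, so those still need their own SAN entries. Publicly trusted CAs have since stopped issuing certificates that contain internal names such as localhost or a bare server name, so a certificate with those SANs now has to come from an internal CA.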
All Replies
- Oh, one more point of clarification...
We are able to access owa externally without error and the internal outlook clients connect and login to exchange without error as well.
Thanks again,
James
Now see, I assumed he meant the actual name of the server, not "localhost". Lol.
- Thanks Andy and Jon-Alfred,
If I'm understanding you correctly you're telling me to add an entry in the SSL Cert for "localhost", correct?
Jon-Alfred, you're also saying that the "localhost" entry will only resolve locally, correct?
James


