none
SSL setup and Send the request immediately to an online certificate authority (disabled)

    Domanda

  • New installation Windows 2003 server. Single server with installed DC, Active Directory, IIS, Exchange 2003. Also imported all security policies included in Exchange Server 2003 Security Hardening Guide.

    I can use OWA over http, but want to set up over https. How to do it properly in this environment?

    I started doing by following step-by step guide in http://www.petri.co.il/configure_ssl_on_owa.htm  but in my case the option

    "Send the request immediately to an online certificate authority" is disabled in the IIS sertificate wizard. there is a link for this case to install Stand-alone Certification Authority. But I understand that stand-alone CA is recommended only when there is no Active Directory domain. 

    in my case I have AD. the option "Send the request immediately to an online certificate authority" went to disabled state after importing security hardening policies. Which policy could I manually change to get it back?

     

    martedì 24 gennaio 2012 20:54

Risposte

Tutte le risposte

  • First question would be, what security hardening policies did you import and where did you import them?  What servers are affected by the policies?
    JAUCG
    mercoledì 25 gennaio 2012 02:52
  • the policies I imported are following:

    Exchange_2003-Backend_V1_1.inf
    Exchange_2003-Cluster_Node_Base_V1_1.inf
    Exchange_2003-Cluster_Node_IMAP4_V1_1.inf
    Exchange_2003-Cluster_Node_POP3_V1_1.inf
    Exchange_2003-DC_Incremental_V1_1.inf
    Exchange_2003-Frontend_V1_1.inf
    Exchange_2003-HTTP_V1_1.inf
    Exchange_2003-IMAP4_V1_1.inf
    Exchange_2003-NNTP_V1_1.inf
    Exchange_2003-POP3_V1_1.inf
    Exchange_2003-RPC-HTTP_V1_2.inf
    Exchange_2003-SMTP_V1_1.inf

    and I did in that same order (did in same order, from beginning). I have only only one physical server. Active Directory, Exchange and IIS are all in that same server.


    • Modificato ssl_kvh mercoledì 25 gennaio 2012 11:35
    mercoledì 25 gennaio 2012 11:34
  • Well, if you are going to get a SSL certificate from a third party like GoDaddy, Verisign, EndTrust, etc. you can always just save it to a .CER file and send that off to them to get your cert.  I assume that option is still available?
    JAUCG
    mercoledì 25 gennaio 2012 16:33
  • Any updates?
    JAUCG
    domenica 29 gennaio 2012 18:20