Exchange 2007 Self-Signed Certificate

  • Question

  • Hi All, I have set up a normal test lab. The scenario is like this:

    Domain name: testlab.com

    Exchange 2007 server name: exsrv (CAS+HTS+MBX roles installed on this server).

    I have created a self-signed certificate with cn=webmeail.exsrv.com and SAN names including: exsrv,exser.testlab.com,autodiscover,autodiscover.testlab.com,webmail.testlab.com and enabled it for IIS/IMAP/POP/SMTP on my Exchange server.

    I have changed the OWA virtual directory internal URL to https://webmail.testlab.com/owa and also changed the other virtual directories' internal URLs to the same. I also changed the autodiscoverinternalurl to webmail.testlab.com.

    When I try to access OWA using https://webmail.testlab.com/owa from IE internally, it's not letting me access OWA (this page can not be displayed), but if I use https://exsrv.testlab.com/owa, it works fine without a certificate error. Once logged in using this URL, if I click the Certificate option in the browser, I can see a message like "webmail.testlab.com has identified this site as exsrv.testlab.com".

    The self-signed certificate that I created has no errors. I have checked it from the Exchange server certificate MMC and it's all good.

    I have checked the event logs, but no related error was found. My question is: as long as the CN holds the name "webmail.testlab.com" and it's a valid and enabled certificate, why is it not letting me access OWA when I try to access OWA using https://webmail.testlab.com/owa?

     

    Can anyone help me with what else I need to check?

    Regards,

     

    Imrul

    Thursday, December 29, 2011 11:20 PM

Answers

  • Hi,

    Please verify the steps below:

    1. Go to EMC server configuration > Client Access > OWA > Properties > Internal URL > https://webmail.testlab.com/owa

    2. Add a DNS record in the DNS server: webmail.testlab.com

    Try again.


    Rowen

    TechNet Community Support

    • Proposed as answer by James Kulikowski Saturday, December 31, 2011 9:12 PM
    • Marked as answer by Rowen-Xu Thursday, January 5, 2012 9:03 AM
    Friday, December 30, 2011 3:06 AM
  • Be sure to add the DNS records for autodiscover as well, pointing to the IP address of the Exchange server hosting these CAS services.
    Network+,Security+,NCSA,MCTS,MCPS,And MCITP
    • Proposed as answer by jay4662002 Saturday, December 31, 2011 9:12 PM
    • Marked as answer by Rowen-Xu Friday, January 6, 2012 7:28 AM
    Saturday, December 31, 2011 9:10 PM

All replies

  • Sorry, there was a typo in the previous message. The self-signed certificate contains the following:

    The CN is: webmail.testlab.com

    SAN:exsrv,exsrv.testlab.com,autodiscover,autodiscover.testlab.com,webmail.testmail.com

    Thursday, December 29, 2011 11:23 PM
  • Hi Rowen,

    Thanks for your reply. For the OWA virtual directory, the internal URL is set to https://webmail.testlab.com/owa.

    I will create the DNS "A" record for webmail.testlab.com pointing to the CAS server IP. I will let you know how it goes.

    Regards,

    Imrul

    Saturday, December 31, 2011 4:53 AM
  • Looking forward to your update.

    Rowen

    TechNet Community Support

    Saturday, December 31, 2011 5:25 AM
  • Hi Rowen/James,

    Yes, both of your suggestions worked for me. I created both "A" records and was able to access OWA internally at https://webmail.testlab.com/OWA.

    Just one question... I did change the internal URL for all the virtual directories (OWA/Webservices/activesync/OAB) to webmail.testlab.com earlier and changed the autodiscoverinteruri to the same.

    But only changing the OWA virtual directory internal URL and creating the "A" records in DNS should be the solution to the issue I was having.

    Any comment on the above will be highly appreciated.

    Regards,

     

    Imrul

    Thursday, January 5, 2012 1:01 PM
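
The thread's resolution was that a name listed on the certificate must also resolve in DNS. The following check is an added example, not code from any poster in this thread; it lists each host name used by the internal URLs and reports separately whether the IIS certificate covers it and whether it resolves. It assumes the Exchange Management Shell with PowerShell 2.0 or later, and the variable and output property names are illustrative.

```powershell
# Added example (not from the thread). Run in the Exchange Management Shell on the CAS server.
# Assumes PowerShell 2.0 or later (try/catch, New-Object -Property).

# 1. Collect every internally published URL the thread mentions.
$urls = @()
$urls += Get-OwaVirtualDirectory         | ForEach-Object { $_.InternalUrl }
$urls += Get-WebServicesVirtualDirectory | ForEach-Object { $_.InternalUrl }
$urls += Get-ActiveSyncVirtualDirectory  | ForEach-Object { $_.InternalUrl }
$urls += Get-OabVirtualDirectory         | ForEach-Object { $_.InternalUrl }
$urls += Get-ClientAccessServer          | ForEach-Object { $_.AutoDiscoverServiceInternalUri }

# 2. Names carried by the certificate(s) enabled for IIS.
#    Exact-name comparison only; wildcard entries are not expanded.
$certNames = @(Get-ExchangeCertificate |
    Where-Object { "$($_.Services)" -match 'IIS' } |
    ForEach-Object { $_.CertificateDomains } |
    ForEach-Object { "$_".ToLower() })

# 3. For each distinct host name, test both conditions independently.
$hostNames = $urls | Where-Object { $_ } |
    ForEach-Object { ([System.Uri]"$_").Host.ToLower() } | Sort-Object -Unique

foreach ($name in $hostNames) {
    try {
        # Uses this machine's resolver (DNS, plus any local hosts file entries).
        $ips = @([System.Net.Dns]::GetHostAddresses($name) |
            ForEach-Object { $_.IPAddressToString })
    } catch {
        $ips = @()   # name does not resolve from this machine
    }
    New-Object PSObject -Property @{
        HostName      = $name
        InCertificate = ($certNames -contains $name)
        ResolvesTo    = ($ips -join ', ')
    }
}
```

A row with InCertificate set to True and an empty ResolvesTo matches the symptom in the question: the certificate is valid for the name, but the browser never reaches the server. Step 3 can also be run from a client machine to confirm the name resolves there.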