The right certificate... 
What's a life?
Joined: Thu Apr 23, 2009 8:25 pm
Posts: 10691
Location: Bramsche
I am trying to get a self-signed certificate working on our Exchange server. The server is in a local network (sb2003.company.local), but has port forwarding on the firewall pointing to it for the mail server (mail.company.de).

The current self-signed certificate is for sb2003.company.local, which is clearly wrong for devices trying to get an SSL connection to the mail server. Some devices/browsers say that the certificate is invalid, but let you continue, even though the SSL cert is for a totally different domain. Other devices refuse to accept a connection, because the domain is mail.company.de and the cert is for sb2003.company.local...

I tried creating a mail.company.de self-signed certificate on the server, but the OWA/EAS web services refused to start, because the certificate was invalid...

Long term, we will probably need to get a properly signed certificate from VeriSign or similar, as we will need to start producing some signed macros etc. as well. But how the heck do I get around the problem in the short term, using a self-signed cert?

_________________
"Do you know what this is? Hmm? No, I can see you do not. You have that vacant look in your eyes, which says hold my head to your ear, you will hear the sea!" - Londo Molari

Executive Producer No Agenda Show 246


Sat Dec 11, 2010 2:38 pm
Spends far too much time on here
Joined: Fri Apr 24, 2009 8:38 am
Posts: 2967
Location: Dorchester, Dorset
Probably no help at all, but I just tell everyone to tell their computer to trust it and add an exception. There's only five of us though!

_________________
I've finally invented something that works!

A Mac User.


Sat Dec 11, 2010 3:48 pm
What's a life?
Joined: Thu Apr 23, 2009 8:25 pm
Posts: 10691
Location: Bramsche
tombolt wrote:
Probably no help at all, but I just tell everyone to tell their computer to trust it and add an exception. There's only five of us though!

That's the problem, the devices won't accept the certificates. They say they are not only not officially signed, which you can get around and accept the certificate, but that the certificate belongs to the wrong domain. They won't let you override that...


Sun Dec 12, 2010 8:22 am
Spends far too much time on here
Joined: Fri Apr 24, 2009 8:38 am
Posts: 2967
Location: Dorchester, Dorset
big_D wrote:
tombolt wrote:
Probably no help at all, but I just tell everyone to tell their computer to trust it and add an exception. There's only five of us though!

That's the problem, the devices won't accept the certificates. They say they are not only not officially signed, which you can get around and accept the certificate, but that the certificate belongs to the wrong domain. They won't let you override that...


Apologies, misunderstood, it's clearer now!


Sun Dec 12, 2010 10:43 am
I haven't seen my friends in so long
Joined: Thu Jun 18, 2009 5:10 pm
Posts: 5836
I know I'm being dumb but...

... would you not be better moving the server to something like sb2003.local.company.de?

I can feel the failhammer coming...

_________________
Jim


Sun Dec 12, 2010 11:38 am
Spends far too much time on here
Joined: Fri Apr 24, 2009 8:38 am
Posts: 2967
Location: Dorchester, Dorset
I have a feeling that in Kerio you can have more than one certificate, and I would have thought Exchange would be similar. Can't check at the moment though.


Sun Dec 12, 2010 4:11 pm
Site Admin
Joined: Thu Apr 23, 2009 5:53 pm
Posts: 8603
Location: location, location
Run the SBS internet connection wizard & create the new self cert in there (use the external name)
Save out your new cert to a file.
Set up your personal Hotmail account on your Win7 phone
Email the cert to your Hotmail address
Install on the phone from the email you sent to yourself
Reboot the phone

Have a cup of tea and wonder why it had to be this much of a ballache

_________________
jonlumb wrote:
I've only ever done it with a chicken so far, but if required I wouldn't have any problems doing it with other animals at all.


Mon Dec 13, 2010 12:16 pm
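
The name check that the devices in this thread are applying, as an added example that is not part of any post. It follows RFC 6125-style matching; the certificate name sets are constructed from the two hostnames in the thread, and the certificate listing both names is a hypothetical that goes beyond what the thread discusses.

```python
# Added example: hostname matching as TLS clients perform it (RFC 6125 style).
# All certificate name sets below are constructed from the thread's hostnames.

def _name_match(pattern: str, host: str) -> bool:
    """Compare one certificate name against the hostname the client dialled."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False  # a wildcard never spans more than one label
    if p[0] == "*":
        # Wildcard honoured only as the entire leftmost label, and not
        # directly above a top-level domain (e.g. "*.de" is rejected).
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def cert_matches(host, common_name, san_dns=()):
    """True if a certificate with these names is valid for `host`."""
    # If dNSName SAN entries exist, the CN is ignored entirely.
    # CN fallback is legacy behaviour; some current clients skip it.
    names = list(san_dns) if san_dns else [common_name]
    return any(_name_match(n, host) for n in names)


def audit(certs, hosts):
    """Map each certificate label to the hostnames it does NOT cover."""
    return {label: [h for h in hosts if not cert_matches(h, cn, san)]
            for label, (cn, san) in certs.items()}


# Names clients use: internal LAN name and the port-forwarded external name.
HOSTS = ["sb2003.company.local", "mail.company.de"]

# label -> (subject CN, SAN dNSName entries); constructed for illustration.
CERTS = {
    "original": ("sb2003.company.local", ()),
    "external-only": ("mail.company.de", ()),
    "both-names (hypothetical)": (
        "mail.company.de",
        ("mail.company.de", "sb2003.company.local"),
    ),
}

if __name__ == "__main__":
    for label, missing in audit(CERTS, HOSTS).items():
        print(f"{label:28} uncovered: {missing or 'none'}")
```

A name mismatch is a separate failure from an untrusted issuer, which is why adding a trust exception for the original certificate does not help devices connecting to mail.company.de.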
What's a life?
Joined: Thu Apr 23, 2009 8:25 pm
Posts: 10691
Location: Bramsche
Thanks, I'll give it a go today, if I get a chance.


Tue Dec 14, 2010 5:16 am