Re: Re: [OT] Managing Group Mail with Exchange 2003
Rob Mouser wrote:
> As a result my SSL cert is using the FQDN of the
> server internally and when I log on to the likes of OWA I can trust the
> issuer but always get "the name on the security certificate is invalid or
> does not match the name of the site" security alert. From what I've read it's
> very fussy that the cert must be fully trusted or it doesn’t work.
>
Yep! Spot on - if you can't get your certs to match then RPC over HTTP is
a non-starter. The easy way to check is by getting a machine outside
your LAN (on the WAN even!) and to set your browser to
https://{externalip}/rpc$
If you get the padlock on your browser without any prompts for certs etc.
then it /should/ work. If you get prompted about certs in any way then
it's a non-starter (oh - make sure you haven't already manually trusted
the cert on the PC you use!). The reason being - Outlook can't answer
questions about certificates etc. so it doesn't know what to do.
Oh, when you get the page up you will definitely see a 404 error from
the browser as there isn't anything that you can access in this
directory but it's MS's 'check method' to see if it's working.
You need to get your cert to have either your public IP address in it
(as the dn? distinguishing name??) or external DNS address. If you don't
want to use IP addresses then probably the easiest way (unless you can
get to edit your public DNS space) is to get a dyndns account set up
(www.dyndns.org). That way you can add hosts at will or just use a
wildcard (*.mydomain.com) - but you still need a cert to match.
Have a look at http://support.microsoft.com/kb/833401/ <-- has a few videos
or http://support.microsoft.com/default.aspx?scid=kb;en-us;827330
hth :)
Wayne.
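
Added example, not part of Wayne's message or of Microsoft's tooling: the name comparison behind the "name on the security certificate is invalid" alert, plus a live probe that succeeds only when the chain is trusted and the name matches without any prompt. The sample certificates and host names (exch01.mydomain.local, mail.mydomain.com, 203.0.113.10) are constructed, and falling back to the subject common name when there is no subjectAltName follows legacy client behaviour.

```python
import ipaddress
import socket
import ssl


def cert_names(cert):
    """Names a client compares against, from an ssl.getpeercert()-style dict."""
    names = [v for k, v in cert.get("subjectAltName", ())
             if k in ("DNS", "IP Address")]
    if not names:  # legacy fallback: subject common name
        names = [v for rdn in cert.get("subject", ())
                 for k, v in rdn if k == "commonName"]
    return [n.lower() for n in names]


def name_matches(cert, host):
    """True if the name typed by the client is covered by the certificate."""
    host = host.lower().rstrip(".")
    try:
        ipaddress.ip_address(host)
        is_ip = True
    except ValueError:
        is_ip = False
    for name in cert_names(cert):
        if name == host:
            return True
        # A wildcard covers exactly one left-most label, never an IP address.
        if (not is_ip and name.startswith("*.") and "." in host
                and host.split(".", 1)[1] == name[2:]):
            return True
    return False


def probe(host, port=443, timeout=5):
    """Live check from outside the LAN: chain trust plus name match, no prompts."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host):
                return True, "trusted chain and matching name"
    except ssl.SSLCertVerificationError as exc:
        return False, exc.verify_message
    except OSError as exc:
        return False, str(exc)


# Constructed sample certificates (not taken from the thread).
INTERNAL = {"subject": ((("commonName", "exch01.mydomain.local"),),)}
WILDCARD = {"subjectAltName": (("DNS", "*.mydomain.com"),)}
BY_IP = {"subject": ((("commonName", "203.0.113.10"),),)}
```

name_matches(INTERNAL, "mail.mydomain.com") is False, which is the situation in the quoted question: a cert issued for the internal FQDN does not cover the name used from outside.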