Default Certificate Remove for OWA from Exchange 2007
Hello. We have Exchange 2007 installed on one server. When a user types the OWA address http://abc.test.com he gets a certificate error, and once he clicks "Continue to this website" he is redirected to the OWA page. Since we don't have any certificate, we would like to remove this error page so that when users type the OWA address they directly see the OWA login page. Would you kindly tell me how I can do this? Do I need to configure it in IIS or in the Exchange 2007 console? Please help! Thanks
September 28th, 2009 10:40am
By default Exchange 2007 uses a self-signed certificate, which will give you a certificate error, but OWA requires a valid third-party SSL certificate to remove this error. You can get a third-party certificate from any of the external CAs...
Certificate Use in Exchange Server 2007
http://technet.microsoft.com/en-us/library/bb851505.aspx
Amit Tank | MVP Exchange Server | MCITP: EMA | MCSA: M | http://ExchangeShare.WordPress.com
September 28th, 2009 11:24am
Thanks for your email. How about if we change the setting in IIS and remove the SSL or select Basic authentication? Secondly, how can I generate the local certificate? Can I do it through IIS? I am not very familiar with this stuff... Thanks
September 28th, 2009 2:57pm
In Exchange 2007 OWA doesn't work without SSL. You need to have a PKI infrastructure to generate a certificate from a local CA, but I guess it would be more costly compared to buying a third-party SAN certificate...
Amit Tank | MVP Exchange Server | MCITP: EMA | MCSA: M | http://ExchangeShare.WordPress.com
September 29th, 2009 7:44am
Hi, agreed with Amit, and bear in mind the Exchange 2007 self-signed certificate will expire after 1 year. Then you have to re-enable that certificate. Create a certificate for your Exchange server by requesting the certificate from your internal certification authority and install it on your Exchange server (valid for 2 years by default).
Please see a similar thread: OCS 2007: Certificate with multiple FQDN's
Regards
Chinthaka Shameera | MCITP: EA | MCSE: M |
http://howtoexchange.wordpress.com/
September 29th, 2009 8:13am
Thanks for your reply. Well, as I mentioned, we have a very small network and we don't have any CA server where we can generate the certificate. Can we generate the certificate from PowerShell on the Exchange server? If yes, then kindly send me the resources or steps for how I can generate the certificate. Secondly, kindly send me a glimpse, perhaps the step guide, of how to generate the certificate. Thanks to all for your assistance. Thanks
September 29th, 2009 6:26pm
Hi, you can configure an internal CA on any Windows 2003 or Windows 2008 domain member server. Then generate the Exchange certificate request via the Exchange Management Shell and request a new certificate from the internal root CA. After that you should be able to import the certificate which you have downloaded from the internal root CA into Exchange. I have mentioned step-by-step articles for both instances below.
Example cmdlet to generate CA:
New-ExchangeCertificate -GenerateRequest -DomainName mail.demo.com, ServerName.internal.com, autodiscover.demo.com, ServerName -FriendlyName mail.demo.com -PrivateKeyExportable:$True -Path c:\Cert.req
Example cmdlet to import the certificate to Exchange:
Import-ExchangeCertificate -Path c:\hdhdh.cer | Enable-ExchangeCertificate -Services IIS, SMTP
Resources:
Create Certificate for Exchange 2007 Servers using Windows CA
Install Windows Server 2003 CA
Securing Exchange Server 2007 Client Access
Regards
Chinthaka Shameera | MCITP: EA | MCSE: M |
http://howtoexchange.wordpress.com/
September 29th, 2009 7:00pm
Thanks dear for your glimpse! Well, here I am a bit confused with the command, since I am not so expert with Exchange PowerShell. Would you kindly let me know what I have to type in the bold letters?
ServerName.internal.com: What server name do I have to give? Should it be the Exchange server?
autodiscover.demo.com: What do I have to give here? Should "demo" be the server name of the Exchange server?
New-ExchangeCertificate -GenerateRequest -DomainName mail.demo.com, ServerName.internal.com, autodiscover.demo.com, ServerName -FriendlyName mail.demo.com -PrivateKeyExportable:$True -Path c:\Cert.req
cert.req: Once I initiate this command, will I be getting the certificate in the c:\ drive?
Would you kindly give me an example with these names:
Exchange Servername: SERVER
OWA Address: mail.server.com
DomainName: abc
Your assistance please... Thanks
September 30th, 2009 2:10pm
Hi,
ServerName.internal.com: What server name do I have to give? Should it be the Exchange server? Microsoft recommends adding the Exchange server's FQDN and server name.
autodiscover.demo.com: What do I have to give here? Should "demo" be the server name of the Exchange server? Demo.com means your external domain, like contoso.com.
cert.req: Once I initiate this command, will I be getting the certificate in the c:\ drive? Yes.
Please look at the command below. I have added additional example names there to make it easy to understand.
Exchange Server name: Server
External OWA address: mail.contoso.com
External domain name: Contoso.com
Internal domain name: abc.local
External autodiscover name: autodiscover.contoso.com
Example cmdlet:
New-ExchangeCertificate -GenerateRequest -DomainName mail.contoso.com, server.abc.local, autodiscover.contoso.com, Server -FriendlyName "Contoso.com certificate" -PrivateKeyExportable:$True -Path c:\Cert.req
Meanwhile, DigiCert has a great tool to create this request. I suggest you use this tool as well.
Exchange 2007 SSL CSR Command Wizard
Regards
Chinthaka Shameera | MCITP: EA | MCSE: M |
http://howtoexchange.wordpress.com/
September 30th, 2009 2:45pm
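A way to check the result once a certificate has been imported and enabled, given here as an added example that is not part of any post in this thread. It lists the certificates enabled for IIS, shows whether each is still the self-signed one, how many days remain before it expires, and which of the expected names it does not cover. The `$requiredNames` values are the sample names from the post above and should be replaced with your own.

```powershell
# Added example: run in the Exchange Management Shell on the Exchange 2007 server.
# Sample names taken from the post above; replace them with your own.
$requiredNames = 'mail.contoso.com', 'autodiscover.contoso.com', 'server.abc.local', 'Server'

# Only certificates enabled for IIS are relevant to OWA.
Get-ExchangeCertificate |
    Where-Object { "$($_.Services)" -match 'IIS' } |
    Select-Object Thumbprint, Subject, IsSelfSigned, NotAfter,
        @{ Name = 'DaysLeft'; Expression = { [int]($_.NotAfter - (Get-Date)).TotalDays } },
        @{ Name = 'MissingNames'; Expression = {
            # Names carried by the certificate (subject and subject alternative names)
            $have = @($_.CertificateDomains | ForEach-Object { "$_" })
            # -notcontains compares case-insensitively
            $missing = @($requiredNames | Where-Object { $have -notcontains $_ })
            [string]::Join(', ', $missing)
        } } |
    Format-List
```

`IsSelfSigned : True` means OWA is still being served with the default certificate, and any name listed under `MissingNames` will still produce a browser warning when users reach the server by that name.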
Thanks for your reply. Well, my manager agreed to purchase the third-party SSL certificate. I was trying with the Thawte site, and during the purchase it's asking me to input a "CSR" file, so would you kindly let me know how I can generate it from my Exchange server? Thanks
October 12th, 2009 2:33pm
Hi,
CSR means certificate request. I have mentioned in the above post how to create a certificate request.
http://technet.microsoft.com/en-us/library/bb851505.aspx
Regards
Chinthaka Shameera | MCITP: EA | MCSE: M | http://howtoexchange.wordpress.com/
October 12th, 2009 2:37pm
The issue is resolved in the following thread:
http://social.technet.microsoft.com/Forums/en-US/exchangesvrgeneral/thread/560950c6-526a-45c6-8b8c-9e2d6f6ade3c
October 14th, 2009 5:32am