Re: Exchange SSL Connection warning message

From: Deus, Attonbitus (Thor@HammerofGod.com)
Date: 08/14/02


Date: Wed, 14 Aug 2002 10:01:30 -0700
To: "David Adams" <dadams@johncrowley.co.uk>, <focus-ms@securityfocus.com>
From: "Deus, Attonbitus" <Thor@HammerofGod.com>


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

At 06:14 AM 8/14/2002, David Adams wrote:
>Hi List,
>
>I have set up SSL on my Exchange server which is sitting behind a DMZ
>firewall. Incoming POP3S requests are redirected with a NAT rule to the
>Exchange server. Everything is working fine but when I check mail with
>Outlook or Outlook Express I get a warning message that states "The server
>that you are connected to is using a security certificate that does not
>match it's internet address" I have searched TechNet and must be blind or
>something because I cannot find an explanation for what is happening. I
>think it's because I'm using my own enterprise root CA but how do I go
>about telling my workstations that they can trust this certificate? I have
>tried importing the certificate into my trusted certificates store in
>Internet Explorer but that had no effect.

If I understand the question correctly, I think you will have to add a DNS
host record that resolves the FQDN to the external address in your MX
record. So, if your Exchange server is jcmain.johncrowley.co.uk with an
internal address of 10.1.1.1 but resolves externally to 195.173.133.35 or
whatever, then they won't match up. I would have thought that the FQDN
listed in the certificate as the host name would fix that, but without
additional information as to what version of Exchange you are running and such,
it is hard to make that determination.

Can you give a bit more information?

AD

  
-----BEGIN PGP SIGNATURE-----
Version: PGP 7.1

iQA/AwUBPVqM6ohsmyD15h5gEQJ/wgCg84amm0ox2EUz26QgJAXMhwkfgpAAnRYG
+QjghIEx4IyP1E83Ws/9bp2O
=ddgq
-----END PGP SIGNATURE-----
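
The name check behind the warning in this thread, as an added example that is not part of the original messages: a mail client compares the server name it was configured with against the names inside the certificate, separately from whether the issuing CA is trusted. The certificate dict follows the layout of Python's `ssl.SSLSocket.getpeercert()`; the sample certificate contents and `mail.example.test` are constructed for illustration.

```python
import ipaddress

def cert_names(cert):
    """Return (dns_names, ip_addrs) that a client may match against.

    `cert` uses the dict layout of ssl.SSLSocket.getpeercert().
    The subject CN is consulted only when no DNS SAN entry exists.
    """
    san = cert.get("subjectAltName", ())
    dns = [v.lower() for k, v in san if k == "DNS"]
    ips = [ipaddress.ip_address(v) for k, v in san if k == "IP Address"]
    if not dns:
        dns = [v.lower() for rdn in cert.get("subject", ())
               for k, v in rdn if k == "commonName"]
    return dns, ips

def _dns_match(pattern, host):
    p, h = pattern.split("."), host.split(".")
    if len(p) != len(h):
        return False
    # Only a whole left-most label may be a wildcard, and it covers one label.
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def name_matches(cert, configured):
    """True if the server name set in the mail client appears in the cert."""
    dns, ips = cert_names(cert)
    try:
        # A client configured with an IP needs an IP SAN; DNS names never match.
        return ipaddress.ip_address(configured) in ips
    except ValueError:
        host = configured.lower().rstrip(".")
        return any(_dns_match(p, host) for p in dns)

# Constructed sample: certificate issued to the FQDN named in the thread.
CERT = {"subject": ((("commonName", "jcmain.johncrowley.co.uk"),),)}

if __name__ == "__main__":
    # The FQDN and external IP come from the thread; the third name is constructed.
    for server in ("jcmain.johncrowley.co.uk", "195.173.133.35",
                   "mail.example.test"):
        ok = name_matches(CERT, server)
        print(f"{server:28} -> {'match' if ok else 'MISMATCH (warning)'}")
```

Importing the root CA into the trusted store changes only the chain-validation result; a client pointed at a name or address that is absent from the certificate still fails this comparison.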


