RE: Exchange SSL Connection warning message

From: Tosh, Michael J (N-Joule) (michael.j.tosh@lmco.com)
Date: 08/14/02


Date: Wed, 14 Aug 2002 12:48:08 -0400
From: "Tosh, Michael J (N-Joule)" <michael.j.tosh@lmco.com>
To: "'David Adams'" <dadams@johncrowley.co.uk>

The certificate may be addressed to your internal IP. What you need to do
is disconnect it from the network, change the IP and computer name to match
what users will type in, make the certificate, then change the IP and
computer name back. The IP you need to use is that of your NAT firewall.
Clients will map the certificate to what they THINK is your IP, and since
you are using NAT, it appears that the firewall is actually hosting the
cert. It should fix IE and Outlook error messages. (Test it first, I have
not done it directly, only helped a friend troubleshoot it.)

-----Original Message-----
From: David Adams [mailto:dadams@johncrowley.co.uk]
Sent: Wednesday, August 14, 2002 9:15 AM
To: focus-ms@securityfocus.com
Subject: Exchange SSL Connection warning message

Hi List,

I have set up SSL on my Exchange server, which is sitting behind a DMZ
firewall. Incoming POP3S requests are redirected with a NAT rule to the
Exchange server. Everything is working fine, but when I check mail with
Outlook or Outlook Express I get a warning message that states "The server
that you are connected to is using a security certificate that does not
match it's internet address". I have searched TechNet and must be blind or
something because I cannot find an explanation for what is happening. I
think it's because I'm using my own enterprise root CA, but how do I go about
telling my workstations that they can trust this certificate? I have tried
importing the certificate into my trusted certificates store in Internet
Explorer but that had no effect.

Thanks

Dave Adams
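
The name comparison behind the warning discussed in this thread, as an added example that is not part of the original messages: it checks the name or address a client connects to against the names in a certificate, which is a separate check from whether the issuing CA is trusted. The certificate dictionaries, host names and addresses are constructed samples, and the matching is a simplified form of what mail clients do.

```python
import ipaddress

# Constructed sample certificates, shaped like ssl.SSLSocket.getpeercert() output.
INTERNAL_CERT = {"subject": ((("commonName", "exch01.corp.example"),),)}
INTERNAL_IP_CERT = {"subject": ((("commonName", "192.168.10.5"),),)}
PUBLIC_CERT = {
    "subject": ((("commonName", "mail.example.com"),),),
    "subjectAltName": (("DNS", "mail.example.com"), ("IP Address", "203.0.113.10")),
}

def _as_ip(value):
    """Return an ip_address object, or None if value is not an IP literal."""
    try:
        return ipaddress.ip_address(value)
    except ValueError:
        return None

def cert_names(cert):
    """Names the certificate was issued to: SAN entries, else the subject CN."""
    names = [v for k, v in cert.get("subjectAltName", ()) if k in ("DNS", "IP Address")]
    if not names:
        # Older certificates carry the server name only in the subject CN.
        names = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    return names

def _dns_match(pattern, host):
    """Case-insensitive compare; '*.' covers exactly one left-most label."""
    p, h = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if not p.startswith("*."):
        return p == h
    head, _, tail = h.partition(".")
    return bool(head) and tail == p[2:]

def check_name(cert, typed):
    """Return (ok, reason) for the name or address the client was configured with."""
    names = cert_names(cert)
    addr = _as_ip(typed)
    if addr is not None:
        # Client connects by address (e.g. the NAT firewall's public IP).
        ok = any(_as_ip(n) == addr for n in names)
    else:
        ok = any(_as_ip(n) is None and _dns_match(n, typed) for n in names)
    if ok:
        return True, "match"
    return False, f"mismatch: client used {typed!r}, certificate names {names}"

if __name__ == "__main__":
    for label, cert in (("internal", INTERNAL_CERT), ("public", PUBLIC_CERT)):
        for typed in ("mail.example.com", "203.0.113.10"):
            print(label, typed, check_name(cert, typed))
```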