RE: Exchange SSL Connection warning message

From: Tosh, Michael J (N-Joule) (michael.j.tosh@lmco.com)
Date: 08/14/02


Date: Wed, 14 Aug 2002 12:48:08 -0400
From: "Tosh, Michael J (N-Joule)" <michael.j.tosh@lmco.com>
To: "'David Adams'" <dadams@johncrowley.co.uk>

The certificate may be addressed to your internal IP. What you need to do
is disconnect it from the network, change the ip and computername to match
what users will type in, make the certificate, then change the ip and
computername back. The ip you need to use is that of your NAT firewall.
Clients will map the certificate to what they THINK is your ip, and since
you are using NAT, it appears that the firewall is actually hosting the
cert. It should fix IE and outlook error messages. (Test it first, I have
not done it directly, only helped a friend trouble shoot it.)

-----Original Message-----
From: David Adams [mailto:dadams@johncrowley.co.uk]
Sent: Wednesday, August 14, 2002 9:15 AM
To: focus-ms@securityfocus.com
Subject: Exchange SSL Connection warning message

Hi List,

I have set up SSL on my exchange server which is sitting behind a DMZ
wirewall. Incoming POP3S requests are redirected with a NAT rule to the
exchange server. Everything is working fine but when i check mail with
Outlook or Outlook express i get a warning message that states "The server
that you are connected to is using a security certificate that does not
match it's internet address" I have searched technet and must be blind or
something because i cannot find an explanation for what is happening. I
think it's because i'm using my own enterprise root CA but how do i go about
telling my workstations that they can trust this certificate? I have tried
importing the certificate into my trusted certificates store in Internet
Explorer but that had no effect.

Thanks

Dave Adams



Relevant Pages

  • Re: Trying to get RPC over HTTP for Outlook working
    ... the certificate was issued to is *.some.domain. ... I have a similar situation, my domain is company.local, server ... Enable the Exchange server as an RPC/HTTPS backend server. ... testing from the internet. ...
    (microsoft.public.outlook.installation)
  • Re: Beating Up On Microsoft...
    ... > While everyone is busy beating up on Microsoft... ... > It might be a good idea to look at the Internet as a whole. ... > Verifiable Certificate to properly identify the owner. ... > of Authentication, Encryption, etc. to protect the communication. ...
    (microsoft.public.security)
  • Re: What are the differences between the certificates *.pfx *.p12 *.cer *.crt *.spc *.p7b ??
    ... To find the latest possible Internet drafts, ... Personal Information Exchange Syntax Standard, ... 2560 X.509 Internet Public Key Infrastructure Online Certificate ...
    (comp.security.misc)
  • Re: ADFS and Certificate Services
    ... ADFS even allows you to do client certificate ... Joe Kaplan-MS MVP Directory Services Programming ... We just want to be able to give out certs to our own ... sub-CA on the internet for employees to access remotely to get certs. ...
    (microsoft.public.windows.server.active_directory)
  • Re: Outlook RPC over HTTp deosnt work
    ... If the certificate is not trusted, ... when you try to use RPC over HTTP to connect the Exchange Server. ... we don't have to manually configure RPC over HTTP. ... Make sure you have enabled "Outlook over the Internet" and "Remote Web ...
    (microsoft.public.windows.server.sbs)