Question

Locked

SSL Education

By philldmc ·
I need some wisdom on understanding SSL and the "right" configuration for Exchange 2003 SP2.

My company host our website with a 3rd party vendor. Lets call website adam.org. I have an exchange 2003 server on my local area network, so the Exchange is a member of adam.local. I installed a self cert on my exchange server and its been ok, anytime you use OWA you get an error, and you can always choose to ignore and press on.

The actual cert warning is "The Security Certificate persented by this website was issued for a different website's address"

So how do I go about getting rid of that warning? Will I always get that warning with a self cert? If I was to install a new SSL cert on my exchange server does the new cert need to match the .local or the .org? does it need to match the name of the server instead of the domain? for example exchange.adam.local?

Plus any documents on how to install a 3rd party SSL on an Exchange server?

In addition, our boss wants to use a different domain name for our website, instead of adam.org they want to use eve.org but still have adam.org point to eve.org. How does this affect the SSL on the exchange if our email addresses is eve.org but our exchange is still a member of adam.local?

Any advice would be great, thanks.

This conversation is currently closed to new comments.

4 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Answers

Collapse -

yep you will always get the error with self cert

by CG IT In reply to SSL Education

to get rid of it on local machines, install the cert on each machine.

to determine what cert you need, .org or .net, view the cert and compare to the URL. The cert needs to match the URL domain designation.

Collapse -

So the cert needs to read

by philldmc In reply to yep you will always get t ...

So if I understand you correctly, the URL to my OWA is https://mail.adam.com/exchange the cert needs to match to what?

mail.adam.com/exchange
adam.com
mail.adam.com

Collapse -

Digital Signatures and Certificate Authority

by CG IT In reply to So the cert needs to read

I'm thinking mail.adam.com

the forward slash isn't part of a domain name.

The SSL certs are issued for FQDNs.

the SSL certs are for verifying digital signatures.

Back to Networks Forum
4 total posts (Page 1 of 1)  

Related Discussions

Related Forums