Using Public SSL Cert on CAS servers

Hello all,

We've got 2x Exchange 2007 front end servers configured to use CAS and HT 
roles set up in an NLB cluster.

To secure PDA's and OWA we've purchased from Entrust 2x Public Certificates 
to install on both servers.
We've installed one of the certs on one node to test but when connecting to 
the node to use OWA we have the same error regarding having a certificate 
error.  Is there anything else required to make this work?  Our SAN names on 
the certs have only FQDN names of the servers and NLB cluster, do we need a 
single label name on the cert for this to work?

Any help much appreciated. 


0
Andrew
11/13/2009 2:02:40 PM

Does the certificate's name or one of its subject alternative names (SANs) 
match the server name in the URL you're using?  Does your client trust the 
issuing authority?  If you enter just the server name, not the FQDN, then 
that has to be a SAN as well.
-- 
Ed Crowley MVP
"There are seldom good technological solutions to behavioral problems."

"Andrew Story" <andrewDOTstoryATjameswalkerDOTbiz> wrote in message 
news:ugA83nGZKHA.4992@TK2MSFTNGP02.phx.gbl...
> Hello all,
>
> We've got 2x Exchange 2007 front end servers configured to use CAS and HT 
> roles set up in an NLB cluster.
>
> To secure PDA's and OWA we've purchased from Entrust 2x Public 
> Certificates to install on both servers.
> We've installed one of the certs on one node to test but when connecting 
> to the node to use OWA we have the same error regarding having a 
> certificate error.  Is there anything else required to make this work? 
> Our SAN names on the certs have only FQDN names of the servers and NLB 
> cluster, do we need a single label name on the cert for this to work?
>
> Any help much appreciated.
> 

0
Ed
11/14/2009 7:10:11 AM
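
The name check described in the reply above, as an added example (not code from the thread or from any of its posters): it compares the host in each URL against a certificate's DNS SAN entries, label by label, so a single-label name such as `cas1` fails when only FQDNs are listed. The host names and SAN list are constructed and hypothetical, and the wildcard handling goes beyond the case discussed in the thread.

```python
from urllib.parse import urlsplit

# Constructed SAN list mirroring the setup in the question: FQDNs of both
# CAS nodes and the NLB cluster, no single-label names. All names hypothetical.
SAN_DNS_NAMES = ["cas1.corp.example.com", "cas2.corp.example.com",
                 "mail.corp.example.com"]


def host_from_url(url):
    """Return the lowercase host a client compares against the certificate."""
    host = urlsplit(url).hostname
    if not host:
        raise ValueError("no host in URL: %r" % url)
    return host.rstrip(".")


def san_matches(host, san):
    """Compare one dNSName SAN entry to a host, label by label."""
    host_labels = host.lower().split(".")
    san_labels = san.lower().rstrip(".").split(".")
    if len(host_labels) != len(san_labels):
        return False          # "cas1" can never match "cas1.corp.example.com"
    if san_labels[0] == "*" and len(san_labels) > 2:
        # A wildcard covers exactly one left-most label.
        return host_labels[1:] == san_labels[1:]
    return host_labels == san_labels


def check_url(url, sans=SAN_DNS_NAMES):
    """Return (ok, reason) for the name check a client performs on the URL."""
    host = host_from_url(url)
    for san in sans:
        if san_matches(host, san):
            return True, "%s matches SAN %s" % (host, san)
    if "." not in host:
        return False, "%s is a single-label name and is not listed as a SAN" % host
    return False, "%s is not listed as a SAN" % host


if __name__ == "__main__":
    for url in ("https://mail.corp.example.com/owa",   # NLB cluster FQDN
                "https://CAS1.corp.example.com/owa",   # node FQDN, mixed case
                "https://cas1/owa",                    # single-label name
                "https://webmail.example.com/owa"):    # name not on the cert
        ok, reason = check_url(url)
        print("%-40s %s  %s" % (url, "OK  " if ok else "FAIL", reason))
```

A passing name check only covers the first question in the reply; the client must still trust the issuing chain.
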
On Fri, 13 Nov 2009 14:02:40 -0000, "Andrew Story"
<andrewDOTstoryATjameswalkerDOTbiz> wrote:

>Hello all,
>
>We've got 2x Exchange 2007 front end servers configured to use CAS and HT 
>roles set up in an NLB cluster.
>
>To secure PDA's and OWA we've purchased from Entrust 2x Public Certificates 
>to install on both servers.
>We've installed one of the certs on one node to test but when connecting to 
>the node to use OWA we have the same error regarding having a certificate 
>error.  Is there anything else required to make this work?  Our SAN names on 
>the certs have only FQDN names of the servers and NLB cluster, do we need a 
>single label name on the cert for this to work?

Was your certificate issued by a secondary (intermediate) CA? Do you
have the intermediate CA in your certificate store on the CAS?

Do the devices connect directly to the CAS or do they connect to some
other device (ISA, load balancer, etc.) that may be terminating the
SSL connection?

Try this URL and see if it points to any problems:
http://www.digicert.com/help/
---
Rich Matheisen
MCSE+I, Exchange MVP
0
Rich
11/14/2009 4:34:30 PM