From: Les Connor [SBS MVP] on
Good stuff, thanks Ace.

I'm the guy that's never used a 3rd party cert, ever, with SBS ;-). Always
used the self signed certs, and always able to make them do. Worst case is
locked mobile devices, but that's worked around by converting the cert to a
.cab file.

--
-----------------------------------------------
Les Connor [SBS MVP]

"Ace Fekay [MCT]" <aceman(a)mvps.RemoveThisPart.org> wrote in message
news:#hk4S5gQKHA.3296(a)TK2MSFTNGP04.phx.gbl...
> "Bill Glidden" <bill(a)glidden.net.au> wrote in message
> news:eggAprYQKHA.4004(a)TK2MSFTNGP04.phx.gbl...
>> Les Connor [SBS MVP] wrote:
>>> ps, you can change remote.blah.blah to office.blah.blah in the SBS
>>> wizard by selecting the 'advanced' button. 'remote' is the default
>>> prefix.
>>>
>> Oh, and Les, I can now see and select the Trusted cert in the Wizard. I
>> can also see the four GoDaddy certs that I installed during the saga. All
>> have type=unknown. AND no more Outlook Security nags.
>>
>> Thanks for helping me sort this and pointing me in the general direction
>> of SBS Console, Advanced Mode!
>>
>> Cheers,
>> Bill
>
>
> Les, with an Exchange UC/SAN certificate, you can add those names into one
> cert. The one certificate will allow multiple names added into the
> certificate in what's called a subjective alternate names list. Once
> you've purchased, or have your current certs modified or combined into one
> certificate by GoDaddy (Exchange can use a single cert with multiple names
> and they should be able to combine all of them into one for you and
> pro-rate the price), you can use the Exchange PowerShell Commands to add
> the services the cert will be used for.
>
> Read the following for more info. I also just added a step-by-step in the
> blog, today, to illustrate how to request and import the new cert, as well
> as how to enable the use of the cert for other services, such as IIS,
> SMTP, IMAP, POP, etc. Enabling it for IIS will work for what you want, as
> long as the names that you need, such as rww.domain.com,
> office.domain.com, or whatever else you need, is in the certificate
> subject alternate names list. The manual methods work with SBS 2008, too.
>
> Exchange 2007 UC/SAN Certificate
> http://msmvps.com/blogs/acefekay/archive/2009/08/23/exchange-2007-uc-san-certificate.aspx
>
>
> --
> Ace
>
> This posting is provided "AS-IS" with no warranties or guarantees and
> confers no rights.
>
> Please reply back to the newsgroup or forum for collaboration benefit
> among responding engineers, and to help others benefit from your
> resolution.
>
> Ace Fekay, MCT, MCTS 2008, MCTS Exchange, MCSE, MCSA 2003 & 2000, MCSA
> Messaging
> Microsoft Certified Trainer
>
> For urgent issues, please contact Microsoft PSS directly. Please check
> http://support.microsoft.com for regional support phone numbers.
>
From: Les Connor [SBS MVP] on
no worries, we're all in this together ;-)

--
-----------------------------------------------
Les Connor [SBS MVP]

"Ace Fekay [MCT]" <aceman(a)mvps.RemoveThisPart.org> wrote in message
news:OIybw5gQKHA.3908(a)TK2MSFTNGP04.phx.gbl...
> "Bill Glidden" <bill(a)glidden.net.au> wrote in message
> news:eggAprYQKHA.4004(a)TK2MSFTNGP04.phx.gbl...
>> Les Connor [SBS MVP] wrote:
>>> ps, you can change remote.blah.blah to office.blah.blah in the SBS
>>> wizard by selecting the 'advanced' button. 'remote' is the default
>>> prefix.
>>>
>> Oh, and Les, I can now see and select the Trusted cert in the Wizard. I
>> can also see the four GoDaddy certs that I installed during the saga. All
>> have type=unknown. AND no more Outlook Security nags.
>>
>> Thanks for helping me sort this and pointing me in the general direction
>> of SBS Console, Advanced Mode!
>>
>> Cheers,
>> Bill
>
>
> I meant to address my last post to Bill, not Les. Sorry....
>
From: Ace Fekay [MCT] on
"Les Connor [SBS MVP]" <les.connor(a)DEL.cfive.ca> wrote in message
news:uYfMlOhQKHA.1232(a)TK2MSFTNGP05.phx.gbl...
> no worries, we're all in this together ;-)


Cool, yes we are! :-)

Thanks!


From: Ace Fekay [MCT] on
"Les Connor [SBS MVP]" <les.connor(a)DEL.cfive.ca> wrote in message
news:%23aogTOhQKHA.5068(a)TK2MSFTNGP05.phx.gbl...
> Good stuff, thanks Ace.
>
> I'm the guy that's never used a 3rd party cert, ever, with SBS ;-). Always
> used the self signed certs, and always able to make them do. Worst case is
> locked mobile devices, but that's worked around by converting the cert to
> a .cab file.
>

For my own Ex2007, I never bought a public cert, but I haven't any cases
where I would need it. When connecting to OWA, I would just click on the
trust this cert message. However, I just replaced my BB with an HTC Touch
Pro 2 I picked up last night. Cool phone. Screen's a hair larger than the
iPhone, brighter, too! However, it's Windows Mobile. Guess what? Cert issue
time! So instead of dealing with the cert, I thought let me just get a
single name cert (non UC/SAN) and see if it works. Since I set this domain
up back in 1999 when AD first came out, the mindset and consensus was to use
your public name, so I never changed that. It's only me and a few people
that use the domain. So I figured, what the heck, a single name cert would
work internally and externally for mail.mydomain.com, and I have the same
record created internally. Well, the thing worked fine with the Windows
mobile. It synched up fine. It also works fine for my OWA site, since you
can enable that in Exchange to use the cert for other purposes other than
just internally, such as for IIS, SMTP, IMAP and POP. However, I know I will
have an issue with Outlook Anywhere due to the Autodiscover record, but I
don't use that anyway. If it comes down to it, and I need that function, I
will dish out the extra $$ for a UC/SAN cert. And here I am using a single
cert for limited capabilities, but I keep pushing to get a UC/SAN cert to my
customers. I figured if they ever need the other functionality, I don't want
to deal with installing certs on their mobile units, or some of their remote
employees that hardly come into the office and are using Outlook Anywhere.

I guess you can call me the landscaper with the tallest lawn on the block!
:-)

Ace
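
The name-coverage point discussed in this thread (a single-name cert covering mail.mydomain.com but not the Autodiscover name, versus a UC/SAN cert listing every name), as an added example that is not part of any poster's message. The hostnames are constructed placeholders, and the matching rule assumed is the usual one: clients check the SAN list when it is present and fall back to the subject CN only when it is absent.

```python
# Added example (not from the thread): which client-facing names does a
# certificate cover? All hostnames below are constructed placeholders.

def name_matches(pattern: str, host: str) -> bool:
    """Match one certificate DNS name against one hostname.

    A '*' is honoured only as the entire left-most label and stands for
    exactly one label, so *.mydomain.com does not match mydomain.com or
    a.b.mydomain.com.
    """
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def effective_names(subject_cn, san_dns):
    """Names a client checks: the SAN list if present, otherwise the CN."""
    return list(san_dns) if san_dns else [subject_cn]


def uncovered(subject_cn, san_dns, required):
    """Return the required hostnames that would trigger a name mismatch."""
    names = effective_names(subject_cn, san_dns)
    return [r for r in required if not any(name_matches(n, r) for n in names)]


# Names the clients connect to (constructed for this example).
REQUIRED = ["mail.mydomain.com", "autodiscover.mydomain.com"]

# Single-name certificate: CN only, no SAN list.
SINGLE = {"cn": "mail.mydomain.com", "san": []}
# UC/SAN certificate: every published name is listed.
UC_SAN = {"cn": "mail.mydomain.com",
          "san": ["mail.mydomain.com", "autodiscover.mydomain.com",
                  "office.mydomain.com"]}

if __name__ == "__main__":
    for label, cert in (("single-name", SINGLE), ("UC/SAN", UC_SAN)):
        missing = uncovered(cert["cn"], cert["san"], REQUIRED)
        print(f"{label}: missing {missing or 'nothing'}")
```
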


From: Bill Glidden on
Ace Fekay [MCT] wrote:
> "Les Connor [SBS MVP]" <les.connor(a)DEL.cfive.ca> wrote in message
> news:%23aogTOhQKHA.5068(a)TK2MSFTNGP05.phx.gbl...
>> Good stuff, thanks Ace.
>>
>> I'm the guy that's never used a 3rd party cert, ever, with SBS ;-). Always
>> used the self signed certs, and always able to make them do. Worst case is
>> locked mobile devices, but that's worked around by converting the cert to
>> a .cab file.
>>
>
> For my own Ex2007, I never bought a public cert, but I haven't any cases
> where I would need it. When connecting to OWA, I would just click on the
> trust this cert message. However, I just replaced my BB with an HTC Touch
> Pro 2 I picked up last night. Cool phone. Screen's a hair larger than the
> iPhone, brighter, too! However, it's Windows Mobile. Guess what? Cert issue
> time! So instead of dealing with the cert, I thought let me just get a
> single name cert (non UC/SAN) and see if it works. Since I set this domain
> up back in 1999 when AD first came out, the mindset and consensus was to use
> your public name, so I never changed that. It's only me and a few people
> that use the domain. So I figured, what the heck, a single name cert would
> work internally and externally for mail.mydomain.com, and I have the same
> record created internally. Well, the thing worked fine with the Windows
> mobile. It synched up fine. It also works fine for my OWA site, since you
> can enable that in Exchange to use the cert for other purposes other than
> just internally, such as for IIS, SMTP, IMAP and POP. However, I know I will
> have an issue with Outlook Anywhere due to the Autodiscover record, but I
> don't use that anyway. If it comes down to it, and I need that function, I
> will dish out the extra $$ for a UC/SAN cert. And here I am using a single
> cert for limited capabilities, but I keep pushing to get a UC/SAN cert to my
> customers. I figured if they ever need the other functionality, I don't want
> to deal with installing certs on their mobile units, or some of their remote
> employees that hardly come into the office and are using Outlook Anywhere.
>
> I guess you can call me the landscaper with the tallest lawn on the block!
> :-)
>
> Ace
>
>
Thanks for all the good info, Ace. :)

Bill