I need some help with certificates, OWA's and Exchange 2007
-
- New ITRCA Member
- Posts: 40
- Joined: August 12th, 2005, 11:56 am
I need some help with certificates, OWA's and Exchange 2007
As the title states I am in need of help on a certificate issue. I work for a small 13 person company and tackle the IT issues when they arise. I do not have an IT background but I am learning quickly. If anyone could help me out I would really appreciate it.
Whenever we open our Outlook we have to click 'OK' on two screens that warn us about security and certificates. Whenever we access our OWA from inside or outside the domain we get a certificate error. Or even if I go to our firewall's GUI 'https://192.168.1.1' I get a warning about a certificate error.
What is going on here?? Please help.
-
- Half way to a cool title.
- Posts: 2371
- Joined: September 5th, 2006, 9:39 pm
- Location: Strip Club Capital, North Carolina
Re: I need some help with certificates, OWA's and Exchange 2
I replied on tkh, but essentially you have to request certs for that server. I'm not sure if you're running OWA and Exchange on the same box or not.
Certificates can get confusing but this sounds like a straightforward one.
For internal users you could stand up a certificate authority internally, make it a trusted root authority via group policy on all workstations and request/approve/import the certificate.
But since you have OWA I would request them from a public certificate authority such as VeriSign or something of the likes.
WTB: Gunmetal USDM ITR Wheels
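Why the warnings appear, and what each of the two fixes suggested above changes, as an added example (not code from anyone in this thread). It models the two checks a client makes, issuer trust and name match, over constructed certificates; every host name, issuer and certificate below is hypothetical, and only the `https://192.168.1.1` URL comes from the thread.

```python
import ipaddress

def name_matches(host, cert_names):
    """True if host is covered by a subjectAltName entry, given in the
    (kind, value) form that ssl.getpeercert() returns."""
    host = host.lower()
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None
    for kind, value in cert_names:
        value = value.lower()
        if ip is not None:
            # An IP typed in the URL matches only an "IP Address" entry.
            if kind == "IP Address" and ipaddress.ip_address(value) == ip:
                return True
        elif kind == "DNS":
            if value == host:
                return True
            # A wildcard covers exactly one left-most label.
            if value.startswith("*.") and host.partition(".")[2] == value[2:]:
                return True
    return False

def warnings_for(host, cert, trusted_issuers):
    """Reasons a client warns when opening https://host/ (empty list = no warning)."""
    reasons = []
    if cert["issuer"] not in trusted_issuers:
        reasons.append("untrusted issuer")
    if not name_matches(host, cert["names"]):
        reasons.append("name mismatch")
    return reasons

# Constructed sample certificates; every name below is hypothetical.
SELF_SIGNED = {"issuer": "CN=EXCH01",
               "names": [("DNS", "EXCH01"), ("DNS", "exch01.corp.example")]}
PUBLIC_CA = {"issuer": "CN=Example Public CA",
             "names": [("DNS", "mail.example.com"), ("DNS", "autodiscover.example.com")]}
FIREWALL = {"issuer": "CN=firewall", "names": [("DNS", "firewall")]}
WORKSTATION_ROOTS = {"CN=Example Public CA"}  # issuers the workstations trust

if __name__ == "__main__":
    for host, cert in [("mail.example.com", SELF_SIGNED), ("mail.example.com", PUBLIC_CA),
                       ("exch01.corp.example", PUBLIC_CA), ("192.168.1.1", FIREWALL)]:
        print(host, cert["issuer"], warnings_for(host, cert, WORKSTATION_ROOTS) or "no warning")
```

A certificate from a public CA clears the warning only for the names listed on it: a client that still connects by an internal name or by IP address gets a name mismatch even though the issuer is trusted.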
-
- Site Admin
- Posts: 1023
- Joined: September 11th, 2002, 1:42 pm
- Location: At Helltrack doing backflips
- Contact:
Re: I need some help with certificates, OWA's and Exchange 2
What steve said. I'd also suggest the public CA. We use Digicert now instead of Verisign for ours.
-Dave
Some DC2s and a pimp Grand Marquis
-
- New ITRCA Member
- Posts: 40
- Joined: August 12th, 2005, 11:56 am
Re: I need some help with certificates, OWA's and Exchange 2
What is public CA??
-
- Half way to a cool title.
- Posts: 2371
- Joined: September 5th, 2006, 9:39 pm
- Location: Strip Club Capital, North Carolina
Re: I need some help with certificates, OWA's and Exchange 2
jfults2000 wrote: What is public CA??
places like verisign, godaddy, etc...
WTB: Gunmetal USDM ITR Wheels
-
- New ITRCA Member
- Posts: 40
- Joined: August 12th, 2005, 11:56 am
Re: I need some help with certificates, OWA's and Exchange 2
I see, I continued this issue on htkh by the way.
-
- Half way to a cool title.
- Posts: 2371
- Joined: September 5th, 2006, 9:39 pm
- Location: Strip Club Capital, North Carolina
Re: I need some help with certificates, OWA's and Exchange 2
Yeah, I caught that. And I do apologize that you have to deal with certs if IT work isn't your primary function, I've been doing this shit for years and cringe when I have to do certificate nonsense.
WTB: Gunmetal USDM ITR Wheels
-
- New ITRCA Member
- Posts: 40
- Joined: August 12th, 2005, 11:56 am
Re: I need some help with certificates, OWA's and Exchange 2
It is just the tip of the iceberg my friend. I am half way through a BESX install that I'm stuck on and a few months ago the owner dropped off a SonicWall firewall on my desk and said here get this going. It is way different than the Linksys and WatchGuard I set up before. I am about 90% done setting the SonicWall up and I'm stuck.
So I have more questions if I ever get through this certificate shit. Thanks again for all the help.
-
- Site Admin
- Posts: 1023
- Joined: September 11th, 2002, 1:42 pm
- Location: At Helltrack doing backflips
- Contact:
Re: I need some help with certificates, OWA's and Exchange 2
I administered and implemented SonicWALL's for years (Pro 4060s with the Enhanced OS). PM me or email me (dave-at-itrca.com) with any questions you have and I'll try to remember all of that stuff. I've been using Cisco ASAs now for awhile instead so unfortunately I don't have a working sonicwall to go through the screens, but I'll do my best from memory.
Since I don't visit tekh, don't bother PMing there. Steve got you through the SSL stuff I assume?
-Dave
Some DC2s and a pimp Grand Marquis
-
- Site Admin
- Posts: 1023
- Joined: September 11th, 2002, 1:42 pm
- Location: At Helltrack doing backflips
- Contact:
Re: I need some help with certificates, OWA's and Exchange 2
Oh, and no experience with blackberry stuff here, we use Good Messaging instead and use non-BB devices (generally Palm phones with Windows Mobile, although likely switching to iPhone 4th gens and/or androids in June/July...)
-Dave
Some DC2s and a pimp Grand Marquis
-
- Half way to a cool title.
- Posts: 2371
- Joined: September 5th, 2006, 9:39 pm
- Location: Strip Club Capital, North Carolina
Re: I need some help with certificates, OWA's and Exchange 2
phew, I'm of no help on the FW side, I do a little bit of ironport proxy/smtp gateway stuff and our network guys handle our actual firewalls... Also worthless with the BB's. LOL, I think we're moving to iPhones too... the boss made a mention on how he liked them and then everybody starts scrambling figuring out how to get it done. But I'm sure if he requested a rocket pack there would be a prototype developed by lunch, that's the power of being a 3 star equivalent and a SEAL.
I should be able to get him squared away with the cert stuff, or at least in the correct direction; it's hard to do when not in person. I put up all of the PowerShell request commands on tkh; fortunately it was fresh in my brain as I just had to request 12 the other day.
WTB: Gunmetal USDM ITR Wheels
-
- New ITRCA Member
- Posts: 40
- Joined: August 12th, 2005, 11:56 am
Re: I need some help with certificates, OWA's and Exchange 2
I do really appreciate all your guys' help. I had one more question over on tkh that hopefully Steve can answer and I'll run the command in PowerShell. Once the cert issue is over then I'll tackle the SonicWall issue. We are using a TZ200 and my main issue right now is getting my OWA accessible from outside the domain. I have the CRM accessible from the outside with a NAT but for some reason the OWA will not work.
-
- Site Admin
- Posts: 1023
- Joined: September 11th, 2002, 1:42 pm
- Location: At Helltrack doing backflips
- Contact:
Re: I need some help with certificates, OWA's and Exchange 2
Are you accessing the Exchange server directly, or using an app proxy like ISA? Assuming you are accessing the Exchange server directly, you'll need address objects set up for the LAN (private) IP and the WAN (public) IP, NAT rules inbound and outbound for the required services (HTTPS [tcp 443]) for OWA with SSL, NAT rule for firewalled subnets, and then an access rule for WAN->LAN for src any, dest OWA private (or public, can't remember which it liked anymore), services HTTPS.
The easiest with those devices is just to use the public server wizard. If that still fails, do the following tests:
1. Test OWA access through the private IP address.
2. Test OWA access from the LAN to the public IP address.
3. Test OWA access from the outside to the public IP address.
Depending on that information, you'll likely have to install a sniffer to see where the traffic starts to fail. PM me the public IP for OWA if you want me to test it from outside. Also, you are NATing to a different IP that's currently not used by anything else correct? Especially one that's different from the public IP address used by the firewall?
-Dave
Some DC2s and a pimp Grand Marquis
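The three tests from the post above as an added example (not code posted in this thread). `probe()` separates a refused connection from a silently dropped one on tcp 443, which narrows the search before reaching for a sniffer; the mapping in `diagnose()` is an assumed interpretation of the rules listed in that post, and the function names are hypothetical.

```python
import socket
import sys

def probe(host, port=443, timeout=5.0):
    """Classify one TCP connection attempt to host:port."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"      # something answered, but nothing listens there
    except socket.timeout:
        return "timeout"      # packets dropped somewhere along the path
    except OSError:
        return "unreachable"  # no route, name lookup failure, etc.

def diagnose(private, lan_to_public, outside):
    """Map the results of tests 1, 2 and 3 (probe() values) to where to look next.
    This mapping is an assumed interpretation, not the poster's own wording."""
    if private != "open":
        return "server: OWA is not answering on its private IP; fix that before the firewall"
    if outside == "timeout":
        return "inbound dropped: check the WAN->LAN access rule and the inbound NAT rule"
    if outside != "open":
        return "inbound misdirected: NAT likely forwards to the wrong private IP or port"
    if lan_to_public != "open":
        return "loopback: outside works, so check the NAT rule for firewalled subnets"
    return "path ok: all three tests reach tcp 443"

if __name__ == "__main__":
    # Run once per vantage point: tests 1 and 2 from a LAN machine,
    # test 3 from a machine outside the firewall.
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    print(target, probe(target))
```

Record the three `probe()` results and pass them to `diagnose()` in test order.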
-
- New ITRCA Member
- Posts: 40
- Joined: August 12th, 2005, 11:56 am
Re: I need some help with certificates, OWA's and Exchange 2
I will have to get back to you on all this. We have it set up just like the functioning CRM NAT.
-
- New ITRCA Member
- Posts: 40
- Joined: August 12th, 2005, 11:56 am
Re: I need some help with certificates, OWA's and Exchange 2
The OWA works from inside the domain it is access from outside the domain through the public IP that we are having an issue. I will try and get some screen shots of the setup to help out.
-
- Half way to a cool title.
- Posts: 2371
- Joined: September 5th, 2006, 9:39 pm
- Location: Strip Club Capital, North Carolina
Re: I need some help with certificates, OWA's and Exchange 2
jfults2000 wrote: The OWA works from inside the domain it is access from outside the domain through the public IP that we are having an issue. I will try and get some screen shots of the setup to help out.
I can understand its failure right now.... get those certs issued and we'll see what happens.
WTB: Gunmetal USDM ITR Wheels
-
- New ITRCA Member
- Posts: 40
- Joined: August 12th, 2005, 11:56 am
Re: I need some help with certificates, OWA's and Exchange 2
jfults2000 wrote: The OWA works from inside the domain it is access from outside the domain through the public IP that we are having an issue. I will try and get some screen shots of the setup to help out.
itrsteez wrote: I can understand its failure right now.... get those certs issued and we'll see what happens.
The thing is the OWA works fine outside the domain with our current Linksys firewall but when I switch over to the SonicWall it fails.
-
- New ITRCA Member
- Posts: 40
- Joined: August 12th, 2005, 11:56 am
Re: I need some help with certificates, OWA's and Exchange 2
Here are the Address objects I set up for Public and Private IP's
-
- New ITRCA Member
- Posts: 40
- Joined: August 12th, 2005, 11:56 am
Re: I need some help with certificates, OWA's and Exchange 2
Currently this firewall is not in place because it is not fully functional so we cannot test it right now. I make changes during the day then come in early in the morning to switch to the SonicWall and see if the changes work.
current linksys setup
-
- Site Admin
- Posts: 1023
- Joined: September 11th, 2002, 1:42 pm
- Location: At Helltrack doing backflips
- Contact:
Re: I need some help with certificates, OWA's and Exchange 2
Josh, I'm going to email you. I removed your images from your post.
-Dave
Some DC2s and a pimp Grand Marquis
-
- New ITRCA Member
- Posts: 40
- Joined: August 12th, 2005, 11:56 am
Re: I need some help with certificates, OWA's and Exchange 2
Ok, I wondered if it was safe or not.
-
- Site Admin
- Posts: 1023
- Joined: September 11th, 2002, 1:42 pm
- Location: At Helltrack doing backflips
- Contact:
Re: I need some help with certificates, OWA's and Exchange 2
I doubt it's a big concern here, but no reason to leave them up. I just sent you a fairly large email
-Dave
Some DC2s and a pimp Grand Marquis
-
- New ITRCA Member
- Posts: 40
- Joined: August 12th, 2005, 11:56 am
Re: I need some help with certificates, OWA's and Exchange 2
Received and responded.
-
- Site Admin
- Posts: 1023
- Joined: September 11th, 2002, 1:42 pm
- Location: At Helltrack doing backflips
- Contact:
Re: I need some help with certificates, OWA's and Exchange 2
:thumbup:
-Dave
Some DC2s and a pimp Grand Marquis
-
- New ITRCA Member
- Posts: 40
- Joined: August 12th, 2005, 11:56 am
Re: I need some help with certificates, OWA's and Exchange 2
I don't know how I got signed up for this shit.