OWA on E2k3 / S2k3

Lamini Member Posts: 242
Was just told to implement SSL on OWA today... needless to say, I got a couple of "real" IT people and we ended up talking about online RPG addictions instead as we got tired of dealing with OWA.

We have not found a site that, in a test environment, after setting up server/exchange on a test local domain, guides this process. OWA http works perfect, but once SSL got involved, it got hairy. I did this before somehow/magically last year and of course, you'd think you remember how you did it... but that isn't the case.

From what I understand, certificates are involved to make this happen. Not sure exactly how, but you make one, then... /shrugs, issue it to yourself /shrugs.... blah blah. Then somehow bring that to your default sites on IIS... then... .... /snores..

Anyone have experience with this? Please PM/post if able, I kinda needed this resolved yesterday. Once I run https my browser gets the 440 timeout error.. I spent all day looking that up and none of those fixes applied.

Thanks!
CompTIA: A+ / NET+ / SEC+
Microsoft: MCSA 2003

Comments

  • blargoe Self-Described Huguenot NC, USA Member Posts: 4,174
    This article is pretty good:

    Configure SSL on OWA

    From where are you getting the certificate? Internal CA? Commercial provider?
    IT guy since 12/00

    Recent: 11/2019 - RHCSA (RHEL 7); 2/2019 - Updated VCP to 6.5 (just a few days before VMware discontinued the re-cert policy...)
    Working on: RHCE/Ansible
    Future: Probably continued Red Hat Immersion, Possibly VCAP Design, or maybe a completely different path. Depends on job demands...
  • Lamini Member Posts: 242
    blargoe wrote: »
    This article is pretty good:

    Configure SSL on OWA

    From where are you getting the certificate? Internal CA? Commercial provider?

    Thanks for the link there, I actually printed that one yesterday, followed it, still in the same place. This is just for local purposes, internal... though I've read online that it is "more cost efficient" to buy an online one... and after all the hours I've put into this, I'm starting to see.
    CompTIA: A+ / NET+ / SEC+
    Microsoft: MCSA 2003
  • dynamik Banned Posts: 12,312
    So do you also have an internal CA? It'd help if you provided more details.

    Just curious, why are you worried about SSL internally? How large of an organization is it? Are you worried about people sniffing traffic and obtaining passwords?
  • Lamini Member Posts: 242
    dynamik wrote: »
    So do you also have an internal CA? It'd help if you provided more details.

    Just curious, why are you worried about SSL internally? How large of an organization is it? Are you worried about people sniffing traffic and obtaining passwords?

    It's a customer requirement. Yes, I believe the CA is internal, this is a closed loop environment. Just need a system that can run on its own (standalone).

    I remember doing this last year and once I made the certificate, I had to open up the CA MMC and do some funky stuff to it and import it to the IIS default website, then was able to have users use SSL OWA. I believe I also had to rig IE to convert some certs as well to make this work.
    CompTIA: A+ / NET+ / SEC+
    Microsoft: MCSA 2003
  • RobertKaucher A cornfield in Ohio Member Posts: 4,299
    Can you post some screenshots of how your IIS is configured? I would like to see the dialogs for "Directory Security -> Secure Communications -> Edit" and "Authentication and access control -> Edit".

    If require ssl is not enforced can you access OWA via http?
  • Lamini Member Posts: 242
    Can you post some screenshots of how your IIS is configured? I would like to see the dialogs for "Directory Security -> Secure Communications -> Edit" and "Authentication and access control -> Edit".

    If require ssl is not enforced can you access OWA via http?

    http = perfect.

    I went back a couple of images and am now right after the Exchange SP2 install :P. No OWA, no CA, etc...
    CompTIA: A+ / NET+ / SEC+
    Microsoft: MCSA 2003
  • Lamini Member Posts: 242
    Environment = standalone system; 1 S2K3 SP2 Std server + E2K3 SP2; no updates; a handful of client machines running XP

    symptoms = OWA works, Exchange mail works, people logged on to the domain are OK

    problem = getting SSL implemented in OWA.

    solution = looking for a simple guide on how to configure Certificates (creating, exporting, and everything else related) to enable secure OWA in STANDALONE system

    PS, assume I know nothing, other than getting a server up and running standard email. Yes, DNS/AD is set up.

    domain (INTERNAL ONLY environment) is RIS.LOCAL.

    name of server is RISSERVER.

    This is internal only, test environment, closed loop, I need to be able to issue my own certificates...

    procedure :

    1 CA: install Certificate Services from Add/Remove Programs > Windows Components; CA Type = Enterprise root CA > Common Name = RISSERVER (?) > default cert database settings.

    2 Now what?
    CompTIA: A+ / NET+ / SEC+
    Microsoft: MCSA 2003
  • Lamini Member Posts: 242
    SSL Enabling OWA 2003 using your own Certificate Authority

    I used this guide, several times. However, there is a missing step, and it is the key to why it did not work the previous times; after making sense of things/research, I got it working. Basically, in the "Enabling SSL on the Default Website" section, after enabling SSL and 128-bit encryption, it does not mention what to apply it to! When you get to the screen that states what to apply it to, do not select all, just highlight Exchange and press OK. That's all that needs to be added to that guide, which would otherwise be perfect. I am not good at pretending I know what I really don't know about, but the gist is, implying SSL on the other items (why they would be there as options, gets me, but I'm new to all this) is what screws it up.

    Thanks for the help. SSL+OWA=OK
    CompTIA: A+ / NET+ / SEC+
    Microsoft: MCSA 2003
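
The fix reported in the last post, requiring SSL on the Exchange virtual directory only rather than on every child node, can be checked from a copy of the IIS 6 metabase. This is an added example, not part of the original thread: it assumes the MetaBase.xml layout in which each virtual directory is an `IIsWebVirtualDir` element with `Location` and `AccessSSLFlags` attributes, and the sample XML and the `OtherApp` names are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed, simplified excerpt in the style of an IIS 6 MetaBase.xml file.
# OtherApp1/OtherApp2 are placeholder virtual directory names.
SAMPLE_METABASE = """\
<configuration xmlns="urn:microsoft-catalog:XML_Metabase_V64_0">
  <MBProperty>
    <IIsWebVirtualDir Location="/LM/W3SVC/1/ROOT" AccessSSLFlags="0"/>
    <IIsWebVirtualDir Location="/LM/W3SVC/1/ROOT/Exchange"
                      AccessSSLFlags="AccessSSL | AccessSSL128"/>
    <IIsWebVirtualDir Location="/LM/W3SVC/1/ROOT/OtherApp1" AccessSSLFlags="264"/>
    <IIsWebVirtualDir Location="/LM/W3SVC/1/ROOT/OtherApp2"/>
  </MBProperty>
</configuration>
"""

# Bit values of the two flags when the attribute is stored as a number.
FLAG_BITS = {"AccessSSL": 0x8, "AccessSSL128": 0x100}

def parse_flags(raw):
    """Return the set of flag names from a textual or numeric attribute value."""
    raw = (raw or "").strip()
    if raw.isdigit():
        return {name for name, bit in FLAG_BITS.items() if int(raw) & bit}
    return {part.strip() for part in raw.split("|") if part.strip()}

def ssl_flags_by_vdir(xml_text, site_root="/LM/W3SVC/1/ROOT"):
    """Map each virtual directory of one web site to its AccessSSLFlags set."""
    flags, root = {}, site_root.upper()
    for elem in ET.fromstring(xml_text).iter():
        location = elem.get("Location", "")
        is_vdir = elem.tag.rsplit("}", 1)[-1] == "IIsWebVirtualDir"
        in_site = location.upper() == root or location.upper().startswith(root + "/")
        if is_vdir and in_site:
            name = location[len(site_root):].strip("/") or "(site root)"
            flags[name] = parse_flags(elem.get("AccessSSLFlags"))
    return flags

def audit(xml_text, expected=("Exchange",)):
    """Compare the directories that require SSL with the ones that should."""
    flags = ssl_flags_by_vdir(xml_text)
    requiring = {n for n, f in flags.items() if "AccessSSL" in f}
    have, wanted = {n.lower() for n in requiring}, {e.lower() for e in expected}
    return {
        "missing": sorted(e for e in expected if e.lower() not in have),
        "unexpected": sorted(n for n in requiring if n.lower() not in wanted),
        "no_128bit": sorted(n for n in requiring if "AccessSSL128" not in flags[n]),
    }
```
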