|
security
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
certificate questionHello,
I set up OWA to our Exchange Server. I don't want to go to the expense of getting a "real" certificate but can't get it to work. If I go to https://server.mycompany.com/exchange I am getting the "There is a problem with this website's security certificate." page. If I click on "Continue to this website (not recommended). " and go into the site, I have the pink banner in IE. Then I click on certificate error to install the certificate. Whether I choose "Trusted Root Certification Authorities", Personal or automatically choose it still comes up as a bad certificate. This is so aggravating. i thought you could install a "fake" certificate as a Trusted Root Certificate and it would work. Any help would be most appreciated. Thanks! --GREG-- You need to install the certificate of the CA that issued the cert into your
Trusted Root Certification Authorities store. If this is a self-signed cert, then it's the same as the cert you are using. If you used a CA to sign the cert you are using for Exchange, then you need the CA's signing cert to be installed. The IE "wizard", unfortunately, doesn't really help in these situations. Cheers Ken Show quoteHide quote "SalemOR97301" <SalemOR97***@discussions.microsoft.com> wrote in message news:FC75EEDA-F6D8-4930-B2F8-A30FC46B6077@microsoft.com... > Hello, > > I set up OWA to our Exchange Server. I don't want to go to the expense of > getting a "real" certificate but can't get it to work. If I go to > https://server.mycompany.com/exchange I am getting the "There is a problem > with this website's security certificate." page. If I click on "Continue > to > this website (not recommended). " and go into the site, I have the pink > banner in IE. Then I click on certificate error to install the > certificate. > Whether I choose "Trusted Root Certification Authorities", Personal or > automatically choose it still comes up as a bad certificate. This is so > aggravating. i thought you could install a "fake" certificate as a Trusted > Root Certificate and it would work. Any help would be most appreciated. > Thanks! > > --GREG-- > > Hi Ken,
What do you mean by I need the CA's signing cert to be installed? Is there a web site you'd recommend that can walk me through step by step? I can't believe this is so persnickety. Thank You!! Show quoteHide quote "Ken Schaefer" wrote: > You need to install the certificate of the CA that issued the cert into your > Trusted Root Certification Authorities store. If this is a self-signed cert, > then it's the same as the cert you are using. If you used a CA to sign the > cert you are using for Exchange, then you need the CA's signing cert to be > installed. > > The IE "wizard", unfortunately, doesn't really help in these situations. > > Cheers > Ken > > -- > http://adopenstatic.com/blog > > "SalemOR97301" <SalemOR97***@discussions.microsoft.com> wrote in message > news:FC75EEDA-F6D8-4930-B2F8-A30FC46B6077@microsoft.com... > > Hello, > > > > I set up OWA to our Exchange Server. I don't want to go to the expense of > > getting a "real" certificate but can't get it to work. If I go to > > https://server.mycompany.com/exchange I am getting the "There is a problem > > with this website's security certificate." page. If I click on "Continue > > to > > this website (not recommended). " and go into the site, I have the pink > > banner in IE. Then I click on certificate error to install the > > certificate. > > Whether I choose "Trusted Root Certification Authorities", Personal or > > automatically choose it still comes up as a bad certificate. This is so > > aggravating. i thought you could install a "fake" certificate as a Trusted > > Root Certificate and it would work. Any help would be most appreciated. > > Thanks! > > > > --GREG-- > > > > > Hi,
This is just the basic way that PKI works. A CA (Certificate Authority) needs to be trusted by both parties. The way you trust a CA is by having their certificate installed in the Trusted Root CAs store (or Enterprise Trust Store or Intermediate CA Store - i.e. one of the CA stores). The CA uses their private key to "sign" any issued certificates. You have the public key (embedded in the CA's certificate in your CA store) and can thus verify the validity of any cert purported to be issued by the CA. So, if you set up your own CA (e.g. using Windows Certificate Services) and issued yourself a server authentication certificate, then you should get your CA's certificate and install it into your Trusted Root CA store on your client machine. If you created a self-signed certificate (e.g. using SelfSSL) then just install that cert into your Trusted Root CA store on your client machine. Cheers Ken Show quoteHide quote "SalemOR97301" <SalemOR97***@discussions.microsoft.com> wrote in message news:39593C0F-0329-4A2E-91CA-EC3E059C2B18@microsoft.com... > Hi Ken, > > What do you mean by I need the CA's signing cert to be installed? Is there > a > web site you'd recommend that can walk me through step by step? I can't > believe this is so persnickety. > > Thank You!! > > "Ken Schaefer" wrote: > >> You need to install the certificate of the CA that issued the cert into >> your >> Trusted Root Certification Authorities store. If this is a self-signed >> cert, >> then it's the same as the cert you are using. If you used a CA to sign >> the >> cert you are using for Exchange, then you need the CA's signing cert to >> be >> installed. >> >> The IE "wizard", unfortunately, doesn't really help in these situations. >> >> Cheers >> Ken >> >> -- >> http://adopenstatic.com/blog >> >> "SalemOR97301" <SalemOR97***@discussions.microsoft.com> wrote in message >> news:FC75EEDA-F6D8-4930-B2F8-A30FC46B6077@microsoft.com... >> > Hello, >> > >> > I set up OWA to our Exchange Server. I don't want to go to the expense >> > of >> > getting a "real" certificate but can't get it to work. If I go to >> > https://server.mycompany.com/exchange I am getting the "There is a >> > problem >> > with this website's security certificate." page. If I click on >> > "Continue >> > to >> > this website (not recommended). " and go into the site, I have the pink >> > banner in IE. Then I click on certificate error to install the >> > certificate. >> > Whether I choose "Trusted Root Certification Authorities", Personal or >> > automatically choose it still comes up as a bad certificate. This is so >> > aggravating. i thought you could install a "fake" certificate as a >> > Trusted >> > Root Certificate and it would work. Any help would be most appreciated. >> > Thanks! >> > >> > --GREG-- >> > >> > >>  
Other interesting topics
status code 200 logged in log file
Single Sign On Intranet Windows Username Authentication (ASP.NET) IIS 2003/IIS6 Permissions maze..... IIS Security - Default installations on Vista Securing virtual directories Why does IIS ask for a password when I type http://localhost? how do I manage IIS? Logs in Windows Server IIS and Public Internet Website |
|||||||||||||||||||||||
