I'm using Windows 2003 server IIS 6.0 and have questions concerning the iis
certificate wizard.
Exchange 2003 is also on this server.

I have one public ip address and plant to have our MX record pointed at it.

I am re-directing port 80 and 443 to this server by the firewall

I'm planning on using OWA (https) and RPC over https from the internet.

My questions:

1.  What do I use for the "common name" in the wizard?

     servername?
     servername.domain.com?
     mail.domain.com?
     or external ip address

2.  How can I test this before moving my MX record? Can I use my external ip
address/exchange?

3.  Once I get everything working, and my records moved, how can I connect
to iis?

     servername.domain.com?
     mail.domain.com?
     or external ip address

Thanks

Scott Houser

Question 1)
The certificate common name should match the name that the user is using to
connect to the server.

If the user is using https://mail.yourdomain.com then the common name should
be "mail.yourdomain.com".
If the user is using https://exchange then the common name should be
"exchange"

Question 2)
Yes, if you have your IIS server configured to accept connections as such

Question 3)
This depends entirely upon how you have
  - DNS configured
  - IIS configured

A browser connects to an IP address. The DNS name is just there to make it
easy for the user to remember. If the user types in "server.domain.com" then
in the DNS there must be an entry that points server.domain.com to your IP
address. Alternatively, if the user types in mail.domain.com there needs to
be an entry in the DNS that points mail.domain.com to your IP address.

Then, IIS needs to be configured to accept connections to the host
specified. By default IIS will accept any connection (regardless of host
header). But if you use host-headers, ensure that the relevant website (e.g.
Default Web Site) where your /exchange virtual directory is hosted is
configured to accept whatever host name the user is using.

Cheers
Ken


Show quoteHide quote

Thanks for the quick response

Here is my plan then.

I'll get my certificate based on the common name of: mail.domain.com

That way I'll be able to connect to my exchange server by entering (from the
internet)
by entering:

https://<public ip>/exchange

or

https://mail.domain.com/exchange

Have I got it right?

Thanks so much

Scott Houser

Hi,

You will be able to connect using https://mail.domain.com/exchange and you
will be able to use the IP address, however the end user will receive a
prompt warning them that the site name they are connecting to doesn't match
the one in the certificate.

Cheers
Ken

Show quoteHide quote

Do I really need a wild card certificate ?
Security of Webpage
Restricting IIS from serving static content
Iusr_Servername NetworkPrinter
Anonymous Account not working
Simple Anonymous Access question
IIS and enterpise sub CA on different machines
Communicator Web Access Authentication Not Working
run cgi in localhost without SSL?
BIN Directory being hidden automatically