Yeah. 443 is open internally. The OWA site is internal. Did I do the certificate process correctly? Here's what I did.
1. Setup Root CA in 2000 system outside of Firewall (Internet) 2. From IIS Directory Security tab clicked on Server Certificate 3. Created new certificate info and saved to txt file. 4. When to CA server and chose advanced options. 5. Copy & paste info from text file. 6. Authorized certificate 7. Went back and downloaded certificate 8. Imported this information into IIS site. I believe everything is working now. However, IS there a way to not get prompted to install or "trust" the certificate. Can I automate this process somehow for "Internal" users. Internal users do not have access to the Internet. The owa site is for "Internal" use and is on the LAN not the Internet. -----Original Message----- From: Tony Hlabse [mailto:[EMAIL PROTECTED]] Sent: Tuesday, November 13, 2001 2:51 PM To: Exchange Discussions Subject: Re: OWA 5.5 and SSL Sounds like you need to open port 443 to allow SSL to your IIS server hosting your OWA pages. ----- Original Message ----- From: "Murphy, Brian" <[EMAIL PROTECTED]> To: "Exchange Discussions" <[EMAIL PROTECTED]> Sent: Tuesday, November 13, 2001 3:52 PM Subject: OWA 5.5 and SSL > I have setup a test OWA server on Exchange 5.5 and Windows 2000 OS. I > created two sites on the same server because I have two master domains. All > mailboxes are located on this one box. After modifying the registry and > changing a few files in each directory...everything works great. > > I installed a CA server on the outside of my firewall. I used this to > create a certificate which I subsequently imported into the IIS properties > for the root site. > > Internal users can connect to the site normally http: (I have not required > ssl yet) but when they connect using https: the browser hoses up. Most > users do not have access to the internet (past the firewall). > > I am just learning certificates. Does the internal user require access to > the Certificate Server on the outside of the firewall or can I somehow allow > them to get this from the webserver? > > > _________________________________________________________________ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe: mailto:[EMAIL PROTECTED] > Exchange List admin: [EMAIL PROTECTED] > _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED]
