RE: Issues with Security Alert Warning- OWA

  • From: "Jason Merrique" <j.merrique@xxxxxxxxxxxxxxx>
  • To: "[ExchangeList]" <exchangelist@xxxxxxxxxxxxx>
  • Date: Mon, 18 Oct 2004 20:50:01 +0100

Hey Adrian,

The name of the server specified in the Certificate should match the
FQDN of the OWA you're using. Is this the case? E.g. if the name on the
certificate is server.domain.com you should be accessing OWA using
http://server.domain.com/exchange rather than say
http://mail.domain.com.

Regarding the authentication, I'm guessing that you don't have Forms
Based Authentication enabled on your Exchange Server, and IE is
authenticating automatically for you because you're logged on to a
domain. Once you enable Forms Based Authentication, you'll be prompted
for your username and password by an OWA login page.

HTH,

Jason Merrique

> -----Original Message-----
> From: AdrianB [mailto:adrianb@xxxxxxxxxxxxxxxxxxxxxxx] 
> Sent: 15 October 2004 05:26
> To: [ExchangeList]
> Subject: [exchangelist] Issues with Security Alert Warning- OWA
> 
> http://www.MSExchange.org/
> 
> 
> Hi,
> 
> Our setup:
> 1 x Windows 2003 server DC, hosting Certificate Services.  
> 1 x Exchange 2003 server DC
> 
> I have configured a self-signed cert for OWA access. I can 
> access OWA via HTTPS, however, when I access the page using 
> the server name (https://<server>/exchange), I receive a 
> Security Alert where the first and last items are Warnings.  That is:
> 
> Warning- The security certificate was issued by a company you 
> have chosen not to trust...
> Ticked- The security certificate date is valid
> Warning- The name on the security certifcate is invalid or 
> does not match...
> 
> I reference the article on msexchange.org: SSL Enabling OWA 
> 2003 using your own Certificate Authority
> (http://www.msexchange.org/tutorials/SSL_Enabling_OWA_2003.html)
> 
> The second warning is entirely valid, however, I do not 
> understand why the RootCA is not accepted as a valid issuing 
> authority (Warning 1) as it is part of AD. 
> I have replicated AD using Sites and Services.
> 
> The Common Name for the CA is "RootCA.<domain-name>"
> The Common name for the exchange site is "mail.<domain-name>"
> 
> Further, and this is not related to the SSL problem, but I am 
> never asked for my Username/password to access the page.  An 
> example is shown in the msexchange.org document.
> 
> Any help would be appreciated.
> 
> Cheers,
> Adrian
> 
> 
> ------------------------------------------------------
> List Archives: 
> http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
> Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
> Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Other Internet Software Marketing Sites:
> World of Windows Networking: http://www.windowsnetworking.com 
> Leading Network Software Directory: http://www.serverfiles.com
> No.1 ISA Server Resource Site: http://www.isaserver.org 
> Windows Security Resource Site: 
> http://www.windowsecurity.com/ Network Security Library: 
> http://www.secinf.net/ Windows 2000/NT Fax Solutions: 
> http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this MSEXchange.org 
> Discussion List as: j.merrique@xxxxxxxxxxxxxxx To unsubscribe 
> visit http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
> Report abuse to listadmin@xxxxxxxxxxxxxx
> 


Other related posts: