[isalist] Re: ISA 2006 SP1 and Exchange 2007 SP1
- From: "Klosa, Bill" <BKlosa@xxxxxxxxx>
- To: "isalist@xxxxxxxxxxxxx" <isalist@xxxxxxxxxxxxx>
- Date: Thu, 29 Jan 2009 23:13:15 -0600
http://www.ISAserver.org
-------------------------------------------------------
We have seen similiar things with Windows Mobile device that required
the manual addition of the intermediate certificate on the mobile
device to validate without error.
Bill
Sent from my iPhone
On Jan 29, 2009, at 10:05 PM, "Andy Haigh" <ahaigh@xxxxxxxxxxxxxxxx>
wrote:
> http://www.ISAserver.org
> -------------------------------------------------------
>
> I went to a similar site as www.certificatesforexchange.com called
> www.domainsforexchange.com but I think in my haste I have purchased
> the
> wrong one and therefore my windows 6 mobile devices won't work. The
> iPhones are working as they don't seem to care to much about the
> certificate.
>
> I have purchased the Standard SSL Multiple Domain (UCC) when I think I
> should have purchased either the Deluxe or Premium SSL variant. Please
> could someone advise if this is correct. When I browse owa from IE7
> it
> connects quite happily but from the mobile device it tells me that
> "The
> certificate was issued by a company you have chosen not to trust"
> which
> tells me that Windows Mobile 6 doesn't know about these certificates.
>
> Thanks
>
> Andy
>
> -----Original Message-----
> From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx
> ]
> On Behalf Of Han Valk
> Sent: Thursday, 29 January 2009 11:56 PM
> To: isalist@xxxxxxxxxxxxx
> Subject: [isalist] Re: ISA 2006 SP1 and Exchange 2007 SP1
>
> http://www.ISAserver.org
> -------------------------------------------------------
>
> Do you have a stand-alone CAS and HT, or are these roles combined?
> For a stand-alone CAS and HT you need 2 different certs.
> Will you use Autodiscover? If yes do you want SSL for this service?
> What DNS suffixes do you use for email? I had a customer that uses
> abc.local
> for AD; def.tld for webmail and xyz.tld for SMTP and no split DNS.
> All this influences the values for CN and SAN's in your cert.
>
> have a look here: https://www.digicert.com/easy-csr/exchange2007.htm
> And here: http://www.certificatesforexchange.com
>
> Han.
>
>
>> -----Original Message-----
>> From: isalist-bounce@xxxxxxxxxxxxx
> [mailto:isalist-bounce@xxxxxxxxxxxxx]
>> On Behalf Of Andy Haigh
>> Sent: Wednesday, 28 January, 2009 02:53
>> To: isalist@xxxxxxxxxxxxx
>> Subject: [isalist] Re: ISA 2006 SP1 and Exchange 2007 SP1
>>
>> Can you recommend an SSL vendor that provides SAN Certs that will
> work.
>>
>>
>>
>> Some I have looked at say Single Server, would that cause a problem
> with
>> the cert needing to be on both the Exchange and ISA server?
>>
>>
>>
>> From: isalist-bounce@xxxxxxxxxxxxx
> [mailto:isalist-bounce@xxxxxxxxxxxxx]
>> On Behalf Of Steve Moffat
>> Sent: Wednesday, 28 January 2009 11:38 AM
>> To: ISA Mailing List
>> Subject: [isalist] Re: ISA 2006 SP1 and Exchange 2007 SP1
>>
>>
>>
>> You need a SAN cert.
>>
>>
>>
>> From: isalist-bounce@xxxxxxxxxxxxx
> [mailto:isalist-bounce@xxxxxxxxxxxxx]
>> On Behalf Of Andy Haigh
>> Sent: Tuesday, January 27, 2009 8:28 PM
>> To: ISA Mailing List
>> Subject: [isalist] Re: ISA 2006 SP1 and Exchange 2007 SP1
>>
>>
>>
>> OK, after reading the documents I have a question regarding using a
>> commercial SSL certificate.
>>
>>
>>
>> With the command (using Tom's example) used to request the
> certificate:
>>
>> New-ExchangeCertificate -GenerateRequest -SubjectName
>> "DC=msfirewall.org, DC=com, O=msfirewall, CN=owa.msfirewall.org" -
>> DomainName owa.msfirewall.org, smtp.msfirewall.org,
>> autodiscover.msfirewall.org, msfirewall.org,
> exch2007mb.msfirewall.org,
>> exch2007mb -FriendlyName "Microsoft Exchange 2007" -Path
> c:\mailcert.req
>>
>> I assume I will be required to purchase a wildcard certificate for
> this
>> to work or can I just purchase a single certificate such as
>> owa.domain.com?
>>
>>
>>
>> If they bought a single cert would this still allow them to use owa,
> RPC
>> over HTTPS and activesync? Would it break things like internal
>> autodiscover in Outlook 2007?
>>
>>
>>
>> Thanks
>>
>>
>>
>> Andy
>>
>>
>>
>> From: isalist-bounce@xxxxxxxxxxxxx
> [mailto:isalist-bounce@xxxxxxxxxxxxx]
>> On Behalf Of Jim Harrison
>> Sent: Tuesday, 27 January 2009 4:56 PM
>> To: isalist@xxxxxxxxxxxxx
>> Subject: [isalist] Re: ISA 2006 SP1 and Exchange 2007 SP1
>>
>>
>>
>> There are no process changes to ISA that are specific to Exchange SP1
>> publishing.
>>
>> .
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>> From: isalist-bounce@xxxxxxxxxxxxx
> [mailto:isalist-bounce@xxxxxxxxxxxxx]
>> On Behalf Of Andy Haigh
>> Sent: Monday, January 26, 2009 4:46 PM
>> To: isalist@xxxxxxxxxxxxx
>> Subject: [isalist] ISA 2006 SP1 and Exchange 2007 SP1
>>
>>
>>
>> Hi,
>>
>> I am just researching configuring publishing Exchange 2007 SP1
> services
>> via ISA2006 SP1 and have started reading Tom's articles which I
> believe
>> are based on the pre SP1 versions of both Exchange and ISA Server.
>> Are
>> there any differences to the way you would proceed with the setup
> using
>> SP1 versions and if so are there any updated documents covering a SP1
>> product install.
>>
>>
>>
>> Thanks
>>
>>
>>
>> Andy
>
> ------------------------------------------------------
> List Archives: //www.freelists.org/archives/isalist/
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server Articles and Tutorials:
> http://www.isaserver.org/articles_tutorials/
> ISA Server Blogs: http://blogs.isaserver.org/
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
> Report abuse to listadmin@xxxxxxxxxxxxx
>
> ------------------------------------------------------
> List Archives: //www.freelists.org/archives/isalist/
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server Articles and Tutorials:
> http://www.isaserver.org/articles_tutorials/
> ISA Server Blogs: http://blogs.isaserver.org/
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
> Report abuse to listadmin@xxxxxxxxxxxxx
>
>
------------------------------------------------------
List Archives: //www.freelists.org/archives/isalist/
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/
ISA Server Blogs: http://blogs.isaserver.org/
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
Report abuse to listadmin@xxxxxxxxxxxxx
Other related posts:
