RE: Issues with Security Alert Warning- OWA
- From: "AdrianB" <adrianb@xxxxxxxxxxxxxxxxxxxxxxx>
- To: "'[ExchangeList]'" <exchangelist@xxxxxxxxxxxxx>
- Date: Tue, 19 Oct 2004 11:42:04 +1000
> -----Original Message-----
> From: Jason Merrique [mailto:j.merrique@xxxxxxxxxxxxxxx]
> Sent: Tuesday, 19 October 2004 5:50 AM
> To: [ExchangeList]
> Subject: [exchangelist] RE: Issues with Security Alert Warning- OWA
>
> http://www.MSExchange.org/
>
> Hey Adrian,
>
> The name of the server specified in the Certificate should
> match the FQDN of the OWA you're using. Is this the case?
> E.g. if the name on the certificate is server.domain.com you
> should be accessing OWA using
> http://server.domain.com/exchange rather than say
> http://mail.domain.com.
>
> Regarding the authentication, I'm guessing that you don't
> have Forms Based Authentication enabled on your Exchange
> Server, and IE is authenticating automatically for you
> because you're logged on to a domain. Once you enable Forms
> Based Authentication, you'll be prompted for your username
> and password by an OWA login page.
>
> HTH,
>
> Jason Merrique
>
Hi Jason,
Thanks for your reply.
Regarding OWA over SSL- this problem has been rectified with a Windows
Update from the Windows Server.
I believe, and the results show this, that the Root CA does not have to have
the same CN as the server that you are securing, as the Root CA is used to
sign the certificates, I guess.
Regarding the FBA- again, thanks. You are right, I did not even think about
automatic authentication... Thanks for pointing me in the correct direction.
Now to set up FBA.
Cheers,
Adrian
> > -----Original Message-----
> > From: AdrianB [mailto:adrianb@xxxxxxxxxxxxxxxxxxxxxxx]
> > Sent: 15 October 2004 05:26
> > To: [ExchangeList]
> > Subject: [exchangelist] Issues with Security Alert Warning- OWA
> >
> > http://www.MSExchange.org/
> >
> >
> > Hi,
> >
> > Our setup:
> > 1 x Windows 2003 server DC, hosting Certificate Services.
> > 1 x Exchange 2003 server DC
> >
> > I have configured a self-signed cert for OWA access. I can
> access OWA
> > via HTTPS, however, when I access the page using the server name
> > (https://<server>/exchange), I receive a Security Alert where the
> > first and last items are Warnings. That is:
> >
> > Warning- The security certificate was issued by a company you have
> > chosen not to trust...
> > Ticked- The security certificate date is valid
> > Warning- The name on the security certifcate is invalid or does not
> > match...
> >
> > I reference the article on msexchange.org: SSL Enabling OWA
> > 2003 using your own Certificate Authority
> > (http://www.msexchange.org/tutorials/SSL_Enabling_OWA_2003.html)
> >
> > The second warning is entirely valid, however, I do not
> understand why
> > the RootCA is not accepted as a valid issuing authority
> (Warning 1) as
> > it is part of AD.
> > I have replicated AD using Sites and Services.
> >
> > The Common Name for the CA is "RootCA.<domain-name>"
> > The Common name for the exchange site is "mail.<domain-name>"
> >
> > Further, and this is not related to the SSL problem, but I am never
> > asked for my Username/password to access the page. An example is
> > shown in the msexchange.org document.
> >
> > Any help would be appreciated.
> >
> > Cheers,
> > Adrian
> >
> >
> > ------------------------------------------------------
> > List Archives:
> > http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
> > Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
> > Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
> > ------------------------------------------------------
> > Other Internet Software Marketing Sites:
> > World of Windows Networking:
> http://www.windowsnetworking.com Leading
> > Network Software Directory: http://www.serverfiles.com
> > No.1 ISA Server Resource Site: http://www.isaserver.org Windows
> > Security Resource Site:
> > http://www.windowsecurity.com/ Network Security Library:
> > http://www.secinf.net/ Windows 2000/NT Fax Solutions:
> > http://www.ntfaxfaq.com
> > ------------------------------------------------------
> > You are currently subscribed to this MSEXchange.org Discussion List
> > as: j.merrique@xxxxxxxxxxxxxxx To unsubscribe visit
> > http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
> > Report abuse to listadmin@xxxxxxxxxxxxxx
> >
>
> ------------------------------------------------------
> List Archives:
> http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
> Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
> Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Other Internet Software Marketing Sites:
> World of Windows Networking: http://www.windowsnetworking.com
> Leading Network Software Directory: http://www.serverfiles.com
> No.1 ISA Server Resource Site: http://www.isaserver.org
> Windows Security Resource Site: http://www.windowsecurity.com/
> Network Security Library: http://www.secinf.net/
> Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this MSEXchange.org
> Discussion List as: adrianb@xxxxxxxxxxxxxxxxxxxxxxx
> To unsubscribe visit
> http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
> Report abuse to listadmin@xxxxxxxxxxxxxx
Other related posts:
