[isalist] Re: ISA 2006 SP1 and Exchange 2007 SP1
- From: "Andy Haigh" <ahaigh@xxxxxxxxxxxxxxxx>
- To: <isalist@xxxxxxxxxxxxx>
- Date: Fri, 30 Jan 2009 15:14:19 +1100
http://www.ISAserver.org
-------------------------------------------------------
I went to a similar site as www.certificatesforexchange.com called
www.domainsforexchange.com but I think in my haste I have purchased the
wrong one and therefore my windows 6 mobile devices won't work. The
iPhones are working as they don't seem to care to much about the
certificate.
I have purchased the Standard SSL Multiple Domain (UCC) when I think I
should have purchased either the Deluxe or Premium SSL variant. Please
could someone advise if this is correct. When I browse owa from IE7 it
connects quite happily but from the mobile device it tells me that "The
certificate was issued by a company you have chosen not to trust" which
tells me that Windows Mobile 6 doesn't know about these certificates.
Thanks
Andy
-----Original Message-----
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
On Behalf Of Han Valk
Sent: Thursday, 29 January 2009 11:56 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: ISA 2006 SP1 and Exchange 2007 SP1
http://www.ISAserver.org
-------------------------------------------------------
Do you have a stand-alone CAS and HT, or are these roles combined?
For a stand-alone CAS and HT you need 2 different certs.
Will you use Autodiscover? If yes do you want SSL for this service?
What DNS suffixes do you use for email? I had a customer that uses
abc.local
for AD; def.tld for webmail and xyz.tld for SMTP and no split DNS.
All this influences the values for CN and SAN's in your cert.
have a look here: https://www.digicert.com/easy-csr/exchange2007.htm
And here: http://www.certificatesforexchange.com
Han.
> -----Original Message-----
> From: isalist-bounce@xxxxxxxxxxxxx
[mailto:isalist-bounce@xxxxxxxxxxxxx]
> On Behalf Of Andy Haigh
> Sent: Wednesday, 28 January, 2009 02:53
> To: isalist@xxxxxxxxxxxxx
> Subject: [isalist] Re: ISA 2006 SP1 and Exchange 2007 SP1
>
> Can you recommend an SSL vendor that provides SAN Certs that will
work.
>
>
>
> Some I have looked at say Single Server, would that cause a problem
with
> the cert needing to be on both the Exchange and ISA server?
>
>
>
> From: isalist-bounce@xxxxxxxxxxxxx
[mailto:isalist-bounce@xxxxxxxxxxxxx]
> On Behalf Of Steve Moffat
> Sent: Wednesday, 28 January 2009 11:38 AM
> To: ISA Mailing List
> Subject: [isalist] Re: ISA 2006 SP1 and Exchange 2007 SP1
>
>
>
> You need a SAN cert.
>
>
>
> From: isalist-bounce@xxxxxxxxxxxxx
[mailto:isalist-bounce@xxxxxxxxxxxxx]
> On Behalf Of Andy Haigh
> Sent: Tuesday, January 27, 2009 8:28 PM
> To: ISA Mailing List
> Subject: [isalist] Re: ISA 2006 SP1 and Exchange 2007 SP1
>
>
>
> OK, after reading the documents I have a question regarding using a
> commercial SSL certificate.
>
>
>
> With the command (using Tom's example) used to request the
certificate:
>
> New-ExchangeCertificate -GenerateRequest -SubjectName
> "DC=msfirewall.org, DC=com, O=msfirewall, CN=owa.msfirewall.org" -
> DomainName owa.msfirewall.org, smtp.msfirewall.org,
> autodiscover.msfirewall.org, msfirewall.org,
exch2007mb.msfirewall.org,
> exch2007mb -FriendlyName "Microsoft Exchange 2007" -Path
c:\mailcert.req
>
> I assume I will be required to purchase a wildcard certificate for
this
> to work or can I just purchase a single certificate such as
> owa.domain.com?
>
>
>
> If they bought a single cert would this still allow them to use owa,
RPC
> over HTTPS and activesync? Would it break things like internal
> autodiscover in Outlook 2007?
>
>
>
> Thanks
>
>
>
> Andy
>
>
>
> From: isalist-bounce@xxxxxxxxxxxxx
[mailto:isalist-bounce@xxxxxxxxxxxxx]
> On Behalf Of Jim Harrison
> Sent: Tuesday, 27 January 2009 4:56 PM
> To: isalist@xxxxxxxxxxxxx
> Subject: [isalist] Re: ISA 2006 SP1 and Exchange 2007 SP1
>
>
>
> There are no process changes to ISA that are specific to Exchange SP1
> publishing.
>
> .
>
>
>
>
>
>
>
>
>
>
>
> From: isalist-bounce@xxxxxxxxxxxxx
[mailto:isalist-bounce@xxxxxxxxxxxxx]
> On Behalf Of Andy Haigh
> Sent: Monday, January 26, 2009 4:46 PM
> To: isalist@xxxxxxxxxxxxx
> Subject: [isalist] ISA 2006 SP1 and Exchange 2007 SP1
>
>
>
> Hi,
>
> I am just researching configuring publishing Exchange 2007 SP1
services
> via ISA2006 SP1 and have started reading Tom's articles which I
believe
> are based on the pre SP1 versions of both Exchange and ISA Server. Are
> there any differences to the way you would proceed with the setup
using
> SP1 versions and if so are there any updated documents covering a SP1
> product install.
>
>
>
> Thanks
>
>
>
> Andy
------------------------------------------------------
List Archives: //www.freelists.org/archives/isalist/
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server Articles and Tutorials:
http://www.isaserver.org/articles_tutorials/
ISA Server Blogs: http://blogs.isaserver.org/
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------
List Archives: //www.freelists.org/archives/isalist/
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/
ISA Server Blogs: http://blogs.isaserver.org/
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
Report abuse to listadmin@xxxxxxxxxxxxx
Other related posts:
