OWA certificate issue

TheMSsForum.com: The Microsoft Software Forum

Thanks to the well written tutorial on smallbizserver.net, I'm on the verge
of rolling out OWA. In my testing, I'm running into one issue that concerns
me though. When I type in the site address (123.456.789.1/exchange) The
certificate window pops up as expected. I click on the view certificate,
then on certification path (so I can install both certificates as described
in the tutorial) and the server IP is listed at the top with an exclamation
mark on it and the error "The issuer of this certificate was not able to be
found." Obviously since the it can't be found it can't be installed. I
thought maybe I put the certificate in an unreachable location on our
website, so I copied it to a location on another site I KNOW is accessible
and I get the same thing even after re-mapping the AIA line to the new
source. What could be going wrong with the certificates? I can get into OWA
just fine by clicking "Yes" on the do you want to proceed window, but I get
the warning everytime.

Any pointers?

Thanks everyone.
Top

Re: OWA certificate issue by Chad

Chad
Mon Jan 26 23:24:26 CST 2004

Hi IBC -

Are you sure that the CA certificate is accessible from the location
contained in the certificate you created? When you create a certificate, it
inherits the AIA settings from the certificate service at that time. If you
update the AIA info after the certificate was created, the certificate is
not updated with the new info. Perhaps create a new certificate and assign
it to the default website and see if that works . . .

--
Chad A. Gross [SBS-MVP]

SBS ROCKS!!!

"IBC" <it@ibcengineering.com> wrote in message
news:e72unHJ5DHA.632@TK2MSFTNGP12.phx.gbl...
> Thanks to the well written tutorial on smallbizserver.net, I'm on the
verge
> of rolling out OWA. In my testing, I'm running into one issue that
concerns
> me though. When I type in the site address (123.456.789.1/exchange) The
> certificate window pops up as expected. I click on the view certificate,
> then on certification path (so I can install both certificates as
described
> in the tutorial) and the server IP is listed at the top with an
exclamation
> mark on it and the error "The issuer of this certificate was not able to
be
> found." Obviously since the it can't be found it can't be installed. I
> thought maybe I put the certificate in an unreachable location on our
> website, so I copied it to a location on another site I KNOW is accessible
> and I get the same thing even after re-mapping the AIA line to the new
> source. What could be going wrong with the certificates? I can get into
OWA
> just fine by clicking "Yes" on the do you want to proceed window, but I
get
> the warning everytime.
>
> Any pointers?
>
> Thanks everyone.
>
>


Top

Re: OWA certificate issue by IBC

IBC
Tue Jan 27 09:12:03 CST 2004

I thought of this after I sent my message and went in to look at the
certificate. When you go to repeat the steps of creating a certificate, it
asks what I want to do with the current one, renew, remove or replace. I
assume I want to remove the current one, but after I do that will it allow
me the option of creating a new one? It currently lists 2 certificates, the
one I would have expected, and what appears to be the root certificate. (one
says for client access and the other is the one I created in the first step
of the certificate process in the tutorial)

Thanks!!


"Chad A Gross [SBS-MVP]" <chad.gross@laytonflower.nospam.com> wrote in
message news:#YID3WJ5DHA.2392@TK2MSFTNGP10.phx.gbl...
> Hi IBC -
>
> Are you sure that the CA certificate is accessible from the location
> contained in the certificate you created? When you create a certificate,
it
> inherits the AIA settings from the certificate service at that time. If
you
> update the AIA info after the certificate was created, the certificate is
> not updated with the new info. Perhaps create a new certificate and
assign
> it to the default website and see if that works . . .
>
> --
> Chad A. Gross [SBS-MVP]
>
> SBS ROCKS!!!
>
> "IBC" <it@ibcengineering.com> wrote in message
> news:e72unHJ5DHA.632@TK2MSFTNGP12.phx.gbl...
> > Thanks to the well written tutorial on smallbizserver.net, I'm on the
> verge
> > of rolling out OWA. In my testing, I'm running into one issue that
> concerns
> > me though. When I type in the site address (123.456.789.1/exchange) The
> > certificate window pops up as expected. I click on the view certificate,
> > then on certification path (so I can install both certificates as
> described
> > in the tutorial) and the server IP is listed at the top with an
> exclamation
> > mark on it and the error "The issuer of this certificate was not able to
> be
> > found." Obviously since the it can't be found it can't be installed. I
> > thought maybe I put the certificate in an unreachable location on our
> > website, so I copied it to a location on another site I KNOW is
accessible
> > and I get the same thing even after re-mapping the AIA line to the new
> > source. What could be going wrong with the certificates? I can get into
> OWA
> > just fine by clicking "Yes" on the do you want to proceed window, but I
> get
> > the warning everytime.
> >
> > Any pointers?
> >
> > Thanks everyone.
> >
> >
>
>


Top

UPDATE by IBC

IBC
Tue Jan 27 11:53:27 CST 2004

I found that the certenroll directory was not in an accessible location. Our
webhost mandates everything be inside certain folders, and with our FTP
client, it wasn't obvious we weren't putting it in the root of our web site.
(long story, but its fixed now anyhow....)

One last quick question I hope: We have gone ahead and purchased a domain
name for easy pointing to our server. Since the certificate was created
using the IP address that the new domain is pointing to, is there any need
to recreate any of the certificates? I'll field test it once the domain name
comes up, but I'd like to keep rolling on what I can in the mean time....

Thanks Again!!!


"IBC" <it@ibcengineering.com> wrote in message
news:e72unHJ5DHA.632@TK2MSFTNGP12.phx.gbl...
> Thanks to the well written tutorial on smallbizserver.net, I'm on the
verge
> of rolling out OWA. In my testing, I'm running into one issue that
concerns
> me though. When I type in the site address (123.456.789.1/exchange) The
> certificate window pops up as expected. I click on the view certificate,
> then on certification path (so I can install both certificates as
described
> in the tutorial) and the server IP is listed at the top with an
exclamation
> mark on it and the error "The issuer of this certificate was not able to
be
> found." Obviously since the it can't be found it can't be installed. I
> thought maybe I put the certificate in an unreachable location on our
> website, so I copied it to a location on another site I KNOW is accessible
> and I get the same thing even after re-mapping the AIA line to the new
> source. What could be going wrong with the certificates? I can get into
OWA
> just fine by clicking "Yes" on the do you want to proceed window, but I
get
> the warning everytime.
>
> Any pointers?
>
> Thanks everyone.
>
>


Top

Re: UPDATE by Chad

Chad
Tue Jan 27 21:59:37 CST 2004

Hi IBC -

Your certificiate should use whatever name is going to be used to access the
website. So for example, if you're going to be using
mail.yourdomain.com/exchange to access OWA, the certificate should be
created for mail.yourdomain.com. If the certificate is created for your
public IP, and you access the site via the FQDN, you'll get a security
warning that the name on the certificiate doesn't match the site . . .

--
Chad A. Gross [SBS-MVP]

SBS ROCKS!!!

"IBC" <it@ibcengineering.com> wrote in message
news:Ohx745P5DHA.1504@TK2MSFTNGP12.phx.gbl...
> I found that the certenroll directory was not in an accessible location.
Our
> webhost mandates everything be inside certain folders, and with our FTP
> client, it wasn't obvious we weren't putting it in the root of our web
site.
> (long story, but its fixed now anyhow....)
>
> One last quick question I hope: We have gone ahead and purchased a domain
> name for easy pointing to our server. Since the certificate was created
> using the IP address that the new domain is pointing to, is there any need
> to recreate any of the certificates? I'll field test it once the domain
name
> comes up, but I'd like to keep rolling on what I can in the mean time....
>
> Thanks Again!!!
>
>
> "IBC" <it@ibcengineering.com> wrote in message
> news:e72unHJ5DHA.632@TK2MSFTNGP12.phx.gbl...
> > Thanks to the well written tutorial on smallbizserver.net, I'm on the
> verge
> > of rolling out OWA. In my testing, I'm running into one issue that
> concerns
> > me though. When I type in the site address (123.456.789.1/exchange) The
> > certificate window pops up as expected. I click on the view certificate,
> > then on certification path (so I can install both certificates as
> described
> > in the tutorial) and the server IP is listed at the top with an
> exclamation
> > mark on it and the error "The issuer of this certificate was not able to
> be
> > found." Obviously since the it can't be found it can't be installed. I
> > thought maybe I put the certificate in an unreachable location on our
> > website, so I copied it to a location on another site I KNOW is
accessible
> > and I get the same thing even after re-mapping the AIA line to the new
> > source. What could be going wrong with the certificates? I can get into
> OWA
> > just fine by clicking "Yes" on the do you want to proceed window, but I
> get
> > the warning everytime.
> >
> > Any pointers?
> >
> > Thanks everyone.
> >
> >
>
>


Top