Hi,
we are using SBS2003 with outlook web access and active sync.
I have been trying to make working certificate with more or less success.
How should it be made.
Our sbs domain is with suffix .local. We have a public IP address for our
server.
I can connect to OWA with public IP address. But how should the certificate
be made so I can use OMA in my mobile phone in this case?
Hi,
Are you connecting to OWA over HTTPS (SSL)?
The problem with some phones is that they will not allow (at least by
default) to see the pages protected with certificates that they do not
trust. So the simple solution is to buy a certificate from commercial CA
server like Thawte or VeriSign.
--
Mike
Microsoft MVP - Windows Security
"Juha Kalliola"
news:E9F7DD53-C84C-4E6D-BC9D-F414AC4B6F27@microsoft.com...
> Hi,
>
> we are using SBS2003 with outlook web access and active sync.
> I have been trying to make working certificate with more or less success.
>
> How should it be made.
> Our sbs domain is with suffix .local. We have a public IP address for our
> server.
> I can connect to OWA with public IP address. But how should the
> certificate
> be made so I can use OMA in my mobile phone in this case?
I got it working once. After I madeome changes but haven't got it working
anymore.
I can accept and install certificates to my phone and that is not the problem.
The problem is on the server and with the certificate. And as I mentioned I
got it working once but not anymore.
"Miha Pihler [MVP]" wrote:
> Hi,
>
> Are you connecting to OWA over HTTPS (SSL)?
>
> The problem with some phones is that they will not allow (at least by
> default) to see the pages protected with certificates that they do not
> trust. So the simple solution is to buy a certificate from commercial CA
> server like Thawte or VeriSign.
>
> --
> Mike
> Microsoft MVP - Windows Security
>
> "Juha Kalliola"
> news:E9F7DD53-C84C-4E6D-BC9D-F414AC4B6F27@microsoft.com...
> > Hi,
> >
> > we are using SBS2003 with outlook web access and active sync.
> > I have been trying to make working certificate with more or less success.
> >
> > How should it be made.
> > Our sbs domain is with suffix .local. We have a public IP address for our
> > server.
> > I can connect to OWA with public IP address. But how should the
> > certificate
> > be made so I can use OMA in my mobile phone in this case?
>
>
>
Hi,
The "common name" of the certificate should match whatever DNS name you are
using in your phone to connect to the Server ActiveSync or OMA website.
For example, my SBS server has in the .local domain (and that's how we
access it internally).
However, for external access it has a host.adopenstatic.com FQDN. The
certificate that I installed has a common name that matches
host.adopenstatic.com
Cheers
Ken
--
My IIS Blog: www.adOpenStatic.com/cs/blogs/ken
"Juha Kalliola"
news:E3EA499D-9666-4908-9FE3-1A975E1F9174@microsoft.com...
> I got it working once. After I madeome changes but haven't got it working
> anymore.
> I can accept and install certificates to my phone and that is not the
> problem.
> The problem is on the server and with the certificate. And as I mentioned
> I
> got it working once but not anymore.
>
> "Miha Pihler [MVP]" wrote:
>
>> Hi,
>>
>> Are you connecting to OWA over HTTPS (SSL)?
>>
>> The problem with some phones is that they will not allow (at least by
>> default) to see the pages protected with certificates that they do not
>> trust. So the simple solution is to buy a certificate from commercial CA
>> server like Thawte or VeriSign.
>>
>> --
>> Mike
>> Microsoft MVP - Windows Security
>>
>> "Juha Kalliola"
>> news:E9F7DD53-C84C-4E6D-BC9D-F414AC4B6F27@microsoft.com...
>> > Hi,
>> >
>> > we are using SBS2003 with outlook web access and active sync.
>> > I have been trying to make working certificate with more or less
>> > success.
>> >
>> > How should it be made.
>> > Our sbs domain is with suffix .local. We have a public IP address for
>> > our
>> > server.
>> > I can connect to OWA with public IP address. But how should the
>> > certificate
>> > be made so I can use OMA in my mobile phone in this case?
>>
>>
>>
Thanks Ken,
Could you tell me also how can I configure FQDN like yours to my SBS server?
Where I configure it?
Best,
Juha
"Ken Schaefer" wrote:
> Hi,
>
> The "common name" of the certificate should match whatever DNS name you are
> using in your phone to connect to the Server ActiveSync or OMA website.
>
> For example, my SBS server has in the .local domain (and that's how we
> access it internally).
>
> However, for external access it has a host.adopenstatic.com FQDN. The
> certificate that I installed has a common name that matches
> host.adopenstatic.com
>
> Cheers
> Ken
>
> --
> My IIS Blog: www.adOpenStatic.com/cs/blogs/ken
>
>
> "Juha Kalliola"
> news:E3EA499D-9666-4908-9FE3-1A975E1F9174@microsoft.com...
> > I got it working once. After I madeome changes but haven't got it working
> > anymore.
> > I can accept and install certificates to my phone and that is not the
> > problem.
> > The problem is on the server and with the certificate. And as I mentioned
> > I
> > got it working once but not anymore.
> >
> > "Miha Pihler [MVP]" wrote:
> >
> >> Hi,
> >>
> >> Are you connecting to OWA over HTTPS (SSL)?
> >>
> >> The problem with some phones is that they will not allow (at least by
> >> default) to see the pages protected with certificates that they do not
> >> trust. So the simple solution is to buy a certificate from commercial CA
> >> server like Thawte or VeriSign.
> >>
> >> --
> >> Mike
> >> Microsoft MVP - Windows Security
> >>
> >> "Juha Kalliola"
> >> news:E9F7DD53-C84C-4E6D-BC9D-F414AC4B6F27@microsoft.com...
> >> > Hi,
> >> >
> >> > we are using SBS2003 with outlook web access and active sync.
> >> > I have been trying to make working certificate with more or less
> >> > success.
> >> >
> >> > How should it be made.
> >> > Our sbs domain is with suffix .local. We have a public IP address for
> >> > our
> >> > server.
> >> > I can connect to OWA with public IP address. But how should the
> >> > certificate
> >> > be made so I can use OMA in my mobile phone in this case?
> >>
> >>
> >>
>
>
>
First, you need to register a domain...... then ......
Read http://support.microsoft.com/?id=816525
--
Regards,
Bernard Cheah
http://www.iis-resources.com/
http://www.iiswebcastseries.com/
http://msmvps.com/blogs/bernard/
"Juha Kalliola"
news:E132FB85-63A9-4BA8-AA03-E3BC891A4DEA@microsoft.com...
> Thanks Ken,
>
> Could you tell me also how can I configure FQDN like yours to my SBS
> server?
> Where I configure it?
>
> Best,
> Juha
>
> "Ken Schaefer" wrote:
>
>> Hi,
>>
>> The "common name" of the certificate should match whatever DNS name you
>> are
>> using in your phone to connect to the Server ActiveSync or OMA website.
>>
>> For example, my SBS server has in the .local domain (and that's how we
>> access it internally).
>>
>> However, for external access it has a host.adopenstatic.com FQDN. The
>> certificate that I installed has a common name that matches
>> host.adopenstatic.com
>>
>> Cheers
>> Ken
>>
>> --
>> My IIS Blog: www.adOpenStatic.com/cs/blogs/ken
>>
>>
>> "Juha Kalliola"
>> news:E3EA499D-9666-4908-9FE3-1A975E1F9174@microsoft.com...
>> > I got it working once. After I madeome changes but haven't got it
>> > working
>> > anymore.
>> > I can accept and install certificates to my phone and that is not the
>> > problem.
>> > The problem is on the server and with the certificate. And as I
>> > mentioned
>> > I
>> > got it working once but not anymore.
>> >
>> > "Miha Pihler [MVP]" wrote:
>> >
>> >> Hi,
>> >>
>> >> Are you connecting to OWA over HTTPS (SSL)?
>> >>
>> >> The problem with some phones is that they will not allow (at least by
>> >> default) to see the pages protected with certificates that they do not
>> >> trust. So the simple solution is to buy a certificate from commercial
>> >> CA
>> >> server like Thawte or VeriSign.
>> >>
>> >> --
>> >> Mike
>> >> Microsoft MVP - Windows Security
>> >>
>> >> "Juha Kalliola"
>> >> message
>> >> news:E9F7DD53-C84C-4E6D-BC9D-F414AC4B6F27@microsoft.com...
>> >> > Hi,
>> >> >
>> >> > we are using SBS2003 with outlook web access and active sync.
>> >> > I have been trying to make working certificate with more or less
>> >> > success.
>> >> >
>> >> > How should it be made.
>> >> > Our sbs domain is with suffix .local. We have a public IP address
>> >> > for
>> >> > our
>> >> > server.
>> >> > I can connect to OWA with public IP address. But how should the
>> >> > certificate
>> >> > be made so I can use OMA in my mobile phone in this case?
>> >>
>> >>
>> >>
>>
>>
>>
Thanks Bernard,
I have registered domain name. The article you included is about FTP. How
does it help me in this case?
Best,
Juha
"Bernard Cheah [MVP]" wrote:
> First, you need to register a domain...... then ......
> Read http://support.microsoft.com/?id=816525
>
> --
> Regards,
> Bernard Cheah
> http://www.iis-resources.com/
> http://www.iiswebcastseries.com/
> http://msmvps.com/blogs/bernard/
>
>
> "Juha Kalliola"
> news:E132FB85-63A9-4BA8-AA03-E3BC891A4DEA@microsoft.com...
> > Thanks Ken,
> >
> > Could you tell me also how can I configure FQDN like yours to my SBS
> > server?
> > Where I configure it?
> >
> > Best,
> > Juha
> >
> > "Ken Schaefer" wrote:
> >
> >> Hi,
> >>
> >> The "common name" of the certificate should match whatever DNS name you
> >> are
> >> using in your phone to connect to the Server ActiveSync or OMA website.
> >>
> >> For example, my SBS server has in the .local domain (and that's how we
> >> access it internally).
> >>
> >> However, for external access it has a host.adopenstatic.com FQDN. The
> >> certificate that I installed has a common name that matches
> >> host.adopenstatic.com
> >>
> >> Cheers
> >> Ken
> >>
> >> --
> >> My IIS Blog: www.adOpenStatic.com/cs/blogs/ken
> >>
> >>
> >> "Juha Kalliola"
> >> news:E3EA499D-9666-4908-9FE3-1A975E1F9174@microsoft.com...
> >> > I got it working once. After I madeome changes but haven't got it
> >> > working
> >> > anymore.
> >> > I can accept and install certificates to my phone and that is not the
> >> > problem.
> >> > The problem is on the server and with the certificate. And as I
> >> > mentioned
> >> > I
> >> > got it working once but not anymore.
> >> >
> >> > "Miha Pihler [MVP]" wrote:
> >> >
> >> >> Hi,
> >> >>
> >> >> Are you connecting to OWA over HTTPS (SSL)?
> >> >>
> >> >> The problem with some phones is that they will not allow (at least by
> >> >> default) to see the pages protected with certificates that they do not
> >> >> trust. So the simple solution is to buy a certificate from commercial
> >> >> CA
> >> >> server like Thawte or VeriSign.
> >> >>
> >> >> --
> >> >> Mike
> >> >> Microsoft MVP - Windows Security
> >> >>
> >> >> "Juha Kalliola"
> >> >> message
> >> >> news:E9F7DD53-C84C-4E6D-BC9D-F414AC4B6F27@microsoft.com...
> >> >> > Hi,
> >> >> >
> >> >> > we are using SBS2003 with outlook web access and active sync.
> >> >> > I have been trying to make working certificate with more or less
> >> >> > success.
> >> >> >
> >> >> > How should it be made.
> >> >> > Our sbs domain is with suffix .local. We have a public IP address
> >> >> > for
> >> >> > our
> >> >> > server.
> >> >> > I can connect to OWA with public IP address. But how should the
> >> >> > certificate
> >> >> > be made so I can use OMA in my mobile phone in this case?
> >> >>
> >> >>
> >> >>
> >>
> >>
> >>
>
>
>
The FQDN concept apply, so you need to create a Host record that match your
cert common name and point it to your server.
--
Regards,
Bernard Cheah
http://www.iis-resources.com/
http://www.iiswebcastseries.com/
http://msmvps.com/blogs/bernard/
"Juha Kalliola"
news:18C65CF9-718F-4144-A268-C9F379A75840@microsoft.com...
> Thanks Bernard,
>
> I have registered domain name. The article you included is about FTP. How
> does it help me in this case?
>
> Best,
> Juha
>
> "Bernard Cheah [MVP]" wrote:
>
>> First, you need to register a domain...... then ......
>> Read http://support.microsoft.com/?id=816525
>>
>> --
>> Regards,
>> Bernard Cheah
>> http://www.iis-resources.com/
>> http://www.iiswebcastseries.com/
>> http://msmvps.com/blogs/bernard/
>>
>>
>> "Juha Kalliola"
>> news:E132FB85-63A9-4BA8-AA03-E3BC891A4DEA@microsoft.com...
>> > Thanks Ken,
>> >
>> > Could you tell me also how can I configure FQDN like yours to my SBS
>> > server?
>> > Where I configure it?
>> >
>> > Best,
>> > Juha
>> >
>> > "Ken Schaefer" wrote:
>> >
>> >> Hi,
>> >>
>> >> The "common name" of the certificate should match whatever DNS name
>> >> you
>> >> are
>> >> using in your phone to connect to the Server ActiveSync or OMA
>> >> website.
>> >>
>> >> For example, my SBS server has in the .local domain (and that's how we
>> >> access it internally).
>> >>
>> >> However, for external access it has a host.adopenstatic.com FQDN. The
>> >> certificate that I installed has a common name that matches
>> >> host.adopenstatic.com
>> >>
>> >> Cheers
>> >> Ken
>> >>
>> >> --
>> >> My IIS Blog: www.adOpenStatic.com/cs/blogs/ken
>> >>
>> >>
>> >> "Juha Kalliola"
>> >> message
>> >> news:E3EA499D-9666-4908-9FE3-1A975E1F9174@microsoft.com...
>> >> > I got it working once. After I madeome changes but haven't got it
>> >> > working
>> >> > anymore.
>> >> > I can accept and install certificates to my phone and that is not
>> >> > the
>> >> > problem.
>> >> > The problem is on the server and with the certificate. And as I
>> >> > mentioned
>> >> > I
>> >> > got it working once but not anymore.
>> >> >
>> >> > "Miha Pihler [MVP]" wrote:
>> >> >
>> >> >> Hi,
>> >> >>
>> >> >> Are you connecting to OWA over HTTPS (SSL)?
>> >> >>
>> >> >> The problem with some phones is that they will not allow (at least
>> >> >> by
>> >> >> default) to see the pages protected with certificates that they do
>> >> >> not
>> >> >> trust. So the simple solution is to buy a certificate from
>> >> >> commercial
>> >> >> CA
>> >> >> server like Thawte or VeriSign.
>> >> >>
>> >> >> --
>> >> >> Mike
>> >> >> Microsoft MVP - Windows Security
>> >> >>
>> >> >> "Juha Kalliola"
>> >> >> message
>> >> >> news:E9F7DD53-C84C-4E6D-BC9D-F414AC4B6F27@microsoft.com...
>> >> >> > Hi,
>> >> >> >
>> >> >> > we are using SBS2003 with outlook web access and active sync.
>> >> >> > I have been trying to make working certificate with more or less
>> >> >> > success.
>> >> >> >
>> >> >> > How should it be made.
>> >> >> > Our sbs domain is with suffix .local. We have a public IP address
>> >> >> > for
>> >> >> > our
>> >> >> > server.
>> >> >> > I can connect to OWA with public IP address. But how should the
>> >> >> > certificate
>> >> >> > be made so I can use OMA in my mobile phone in this case?
>> >> >>
>> >> >>
>> >> >>
>> >>
>> >>
>> >>
>>
>>
>>
I'm sorry but I don't understand. If I give you details could you help me out.
Our server is "serveri.itadmina.local", it has a public IP address.
Our mailboxes and web server is on ISP. We use POP3 connector to collect
email from ISP to Exchange.
Our registered domain is "itadmina.fi".
Where and what changes I must do on our internal server to have this FQDN
recorded there?
"Bernard Cheah [MVP]" wrote:
> The FQDN concept apply, so you need to create a Host record that match your
> cert common name and point it to your server.
>
> --
> Regards,
> Bernard Cheah
> http://www.iis-resources.com/
> http://www.iiswebcastseries.com/
> http://msmvps.com/blogs/bernard/
>
>
> "Juha Kalliola"
> news:18C65CF9-718F-4144-A268-C9F379A75840@microsoft.com...
> > Thanks Bernard,
> >
> > I have registered domain name. The article you included is about FTP. How
> > does it help me in this case?
> >
> > Best,
> > Juha
> >
> > "Bernard Cheah [MVP]" wrote:
> >
> >> First, you need to register a domain...... then ......
> >> Read http://support.microsoft.com/?id=816525
> >>
> >> --
> >> Regards,
> >> Bernard Cheah
> >> http://www.iis-resources.com/
> >> http://www.iiswebcastseries.com/
> >> http://msmvps.com/blogs/bernard/
> >>
> >>
> >> "Juha Kalliola"
> >> news:E132FB85-63A9-4BA8-AA03-E3BC891A4DEA@microsoft.com...
> >> > Thanks Ken,
> >> >
> >> > Could you tell me also how can I configure FQDN like yours to my SBS
> >> > server?
> >> > Where I configure it?
> >> >
> >> > Best,
> >> > Juha
> >> >
> >> > "Ken Schaefer" wrote:
> >> >
> >> >> Hi,
> >> >>
> >> >> The "common name" of the certificate should match whatever DNS name
> >> >> you
> >> >> are
> >> >> using in your phone to connect to the Server ActiveSync or OMA
> >> >> website.
> >> >>
> >> >> For example, my SBS server has in the .local domain (and that's how we
> >> >> access it internally).
> >> >>
> >> >> However, for external access it has a host.adopenstatic.com FQDN. The
> >> >> certificate that I installed has a common name that matches
> >> >> host.adopenstatic.com
> >> >>
> >> >> Cheers
> >> >> Ken
> >> >>
> >> >> --
> >> >> My IIS Blog: www.adOpenStatic.com/cs/blogs/ken
> >> >>
> >> >>
> >> >> "Juha Kalliola"
> >> >> message
> >> >> news:E3EA499D-9666-4908-9FE3-1A975E1F9174@microsoft.com...
> >> >> > I got it working once. After I madeome changes but haven't got it
> >> >> > working
> >> >> > anymore.
> >> >> > I can accept and install certificates to my phone and that is not
> >> >> > the
> >> >> > problem.
> >> >> > The problem is on the server and with the certificate. And as I
> >> >> > mentioned
> >> >> > I
> >> >> > got it working once but not anymore.
> >> >> >
> >> >> > "Miha Pihler [MVP]" wrote:
> >> >> >
> >> >> >> Hi,
> >> >> >>
> >> >> >> Are you connecting to OWA over HTTPS (SSL)?
> >> >> >>
> >> >> >> The problem with some phones is that they will not allow (at least
> >> >> >> by
> >> >> >> default) to see the pages protected with certificates that they do
> >> >> >> not
> >> >> >> trust. So the simple solution is to buy a certificate from
> >> >> >> commercial
> >> >> >> CA
> >> >> >> server like Thawte or VeriSign.
> >> >> >>
> >> >> >> --
> >> >> >> Mike
> >> >> >> Microsoft MVP - Windows Security
> >> >> >>
> >> >> >> "Juha Kalliola"
> >> >> >> message
> >> >> >> news:E9F7DD53-C84C-4E6D-BC9D-F414AC4B6F27@microsoft.com...
> >> >> >> > Hi,
> >> >> >> >
> >> >> >> > we are using SBS2003 with outlook web access and active sync.
> >> >> >> > I have been trying to make working certificate with more or less
> >> >> >> > success.
> >> >> >> >
> >> >> >> > How should it be made.
> >> >> >> > Our sbs domain is with suffix .local. We have a public IP address
> >> >> >> > for
> >> >> >> > our
> >> >> >> > server.
> >> >> >> > I can connect to OWA with public IP address. But how should the
> >> >> >> > certificate
> >> >> >> > be made so I can use OMA in my mobile phone in this case?
> >> >> >>
> >> >> >>
> >> >> >>
> >> >>
> >> >>
> >> >>
> >>
> >>
> >>
>
>
>
Hi,
Your public domain (itadmin.fi) needs public DNS servers. This allows remote
users to lookup hosts in the itadmin.fi domain, and find the associated IP
addresses.
When you registered the domain, you need to specify authorative DNS servers
for the domain. Those are the public DNS servers for the domain. On those
DNS servers you need to create an appropriate A (Alias) or CNAME (canonical
name) record that points somehostname.itadmin.fi -> your public IP address.
Cheers
Ken
"Juha Kalliola"
news:69E77162-2D6F-4129-AA2A-B4FB734B1FC0@microsoft.com...
> I'm sorry but I don't understand. If I give you details could you help me
> out.
>
> Our server is "serveri.itadmina.local", it has a public IP address.
> Our mailboxes and web server is on ISP. We use POP3 connector to collect
> email from ISP to Exchange.
>
> Our registered domain is "itadmina.fi".
> Where and what changes I must do on our internal server to have this FQDN
> recorded there?
>
> "Bernard Cheah [MVP]" wrote:
>
>> The FQDN concept apply, so you need to create a Host record that match
>> your
>> cert common name and point it to your server.
>>
>> --
>> Regards,
>> Bernard Cheah
>> http://www.iis-resources.com/
>> http://www.iiswebcastseries.com/
>> http://msmvps.com/blogs/bernard/
>>
>>
>> "Juha Kalliola"
>> news:18C65CF9-718F-4144-A268-C9F379A75840@microsoft.com...
>> > Thanks Bernard,
>> >
>> > I have registered domain name. The article you included is about FTP.
>> > How
>> > does it help me in this case?
>> >
>> > Best,
>> > Juha
>> >
>> > "Bernard Cheah [MVP]" wrote:
>> >
>> >> First, you need to register a domain...... then ......
>> >> Read http://support.microsoft.com/?id=816525
>> >>
>> >> --
>> >> Regards,
>> >> Bernard Cheah
>> >> http://www.iis-resources.com/
>> >> http://www.iiswebcastseries.com/
>> >> http://msmvps.com/blogs/bernard/
>> >>
>> >>
>> >> "Juha Kalliola"
>> >> message
>> >> news:E132FB85-63A9-4BA8-AA03-E3BC891A4DEA@microsoft.com...
>> >> > Thanks Ken,
>> >> >
>> >> > Could you tell me also how can I configure FQDN like yours to my SBS
>> >> > server?
>> >> > Where I configure it?
>> >> >
>> >> > Best,
>> >> > Juha
>> >> >
>> >> > "Ken Schaefer" wrote:
>> >> >
>> >> >> Hi,
>> >> >>
>> >> >> The "common name" of the certificate should match whatever DNS name
>> >> >> you
>> >> >> are
>> >> >> using in your phone to connect to the Server ActiveSync or OMA
>> >> >> website.
>> >> >>
>> >> >> For example, my SBS server has in the .local domain (and that's how
>> >> >> we
>> >> >> access it internally).
>> >> >>
>> >> >> However, for external access it has a host.adopenstatic.com FQDN.
>> >> >> The
>> >> >> certificate that I installed has a common name that matches
>> >> >> host.adopenstatic.com
>> >> >>
>> >> >> Cheers
>> >> >> Ken
>> >> >>
>> >> >> --
>> >> >> My IIS Blog: www.adOpenStatic.com/cs/blogs/ken
>> >> >>
>> >> >>
>> >> >> "Juha Kalliola"
>> >> >> message
>> >> >> news:E3EA499D-9666-4908-9FE3-1A975E1F9174@microsoft.com...
>> >> >> > I got it working once. After I madeome changes but haven't got it
>> >> >> > working
>> >> >> > anymore.
>> >> >> > I can accept and install certificates to my phone and that is not
>> >> >> > the
>> >> >> > problem.
>> >> >> > The problem is on the server and with the certificate. And as I
>> >> >> > mentioned
>> >> >> > I
>> >> >> > got it working once but not anymore.
>> >> >> >
>> >> >> > "Miha Pihler [MVP]" wrote:
>> >> >> >
>> >> >> >> Hi,
>> >> >> >>
>> >> >> >> Are you connecting to OWA over HTTPS (SSL)?
>> >> >> >>
>> >> >> >> The problem with some phones is that they will not allow (at
>> >> >> >> least
>> >> >> >> by
>> >> >> >> default) to see the pages protected with certificates that they
>> >> >> >> do
>> >> >> >> not
>> >> >> >> trust. So the simple solution is to buy a certificate from
>> >> >> >> commercial
>> >> >> >> CA
>> >> >> >> server like Thawte or VeriSign.
>> >> >> >>
>> >> >> >> --
>> >> >> >> Mike
>> >> >> >> Microsoft MVP - Windows Security
>> >> >> >>
>> >> >> >> "Juha Kalliola"
>> >> >> >> in
>> >> >> >> message
>> >> >> >> news:E9F7DD53-C84C-4E6D-BC9D-F414AC4B6F27@microsoft.com...
>> >> >> >> > Hi,
>> >> >> >> >
>> >> >> >> > we are using SBS2003 with outlook web access and active sync.
>> >> >> >> > I have been trying to make working certificate with more or
>> >> >> >> > less
>> >> >> >> > success.
>> >> >> >> >
>> >> >> >> > How should it be made.
>> >> >> >> > Our sbs domain is with suffix .local. We have a public IP
>> >> >> >> > address
>> >> >> >> > for
>> >> >> >> > our
>> >> >> >> > server.
>> >> >> >> > I can connect to OWA with public IP address. But how should
>> >> >> >> > the
>> >> >> >> > certificate
>> >> >> >> > be made so I can use OMA in my mobile phone in this case?
>> >> >> >>
>> >> >> >>
>> >> >> >>
>> >> >>
>> >> >>
>> >> >>
>> >>
>> >>
>> >>
>>
>>
>>
Thanks Ken,
this was the answer I was looking for.
"Ken Schaefer" wrote:
> Hi,
>
> Your public domain (itadmin.fi) needs public DNS servers. This allows remote
> users to lookup hosts in the itadmin.fi domain, and find the associated IP
> addresses.
>
> When you registered the domain, you need to specify authorative DNS servers
> for the domain. Those are the public DNS servers for the domain. On those
> DNS servers you need to create an appropriate A (Alias) or CNAME (canonical
> name) record that points somehostname.itadmin.fi -> your public IP address.
>
> Cheers
> Ken
>
> "Juha Kalliola"
> news:69E77162-2D6F-4129-AA2A-B4FB734B1FC0@microsoft.com...
> > I'm sorry but I don't understand. If I give you details could you help me
> > out.
> >
> > Our server is "serveri.itadmina.local", it has a public IP address.
> > Our mailboxes and web server is on ISP. We use POP3 connector to collect
> > email from ISP to Exchange.
> >
> > Our registered domain is "itadmina.fi".
> > Where and what changes I must do on our internal server to have this FQDN
> > recorded there?
> >
> > "Bernard Cheah [MVP]" wrote:
> >
> >> The FQDN concept apply, so you need to create a Host record that match
> >> your
> >> cert common name and point it to your server.
> >>
> >> --
> >> Regards,
> >> Bernard Cheah
> >> http://www.iis-resources.com/
> >> http://www.iiswebcastseries.com/
> >> http://msmvps.com/blogs/bernard/
> >>
> >>
> >> "Juha Kalliola"
> >> news:18C65CF9-718F-4144-A268-C9F379A75840@microsoft.com...
> >> > Thanks Bernard,
> >> >
> >> > I have registered domain name. The article you included is about FTP.
> >> > How
> >> > does it help me in this case?
> >> >
> >> > Best,
> >> > Juha
> >> >
> >> > "Bernard Cheah [MVP]" wrote:
> >> >
> >> >> First, you need to register a domain...... then ......
> >> >> Read http://support.microsoft.com/?id=816525
> >> >>
> >> >> --
> >> >> Regards,
> >> >> Bernard Cheah
> >> >> http://www.iis-resources.com/
> >> >> http://www.iiswebcastseries.com/
> >> >> http://msmvps.com/blogs/bernard/
> >> >>
> >> >>
> >> >> "Juha Kalliola"
> >> >> message
> >> >> news:E132FB85-63A9-4BA8-AA03-E3BC891A4DEA@microsoft.com...
> >> >> > Thanks Ken,
> >> >> >
> >> >> > Could you tell me also how can I configure FQDN like yours to my SBS
> >> >> > server?
> >> >> > Where I configure it?
> >> >> >
> >> >> > Best,
> >> >> > Juha
> >> >> >
> >> >> > "Ken Schaefer" wrote:
> >> >> >
> >> >> >> Hi,
> >> >> >>
> >> >> >> The "common name" of the certificate should match whatever DNS name
> >> >> >> you
> >> >> >> are
> >> >> >> using in your phone to connect to the Server ActiveSync or OMA
> >> >> >> website.
> >> >> >>
> >> >> >> For example, my SBS server has in the .local domain (and that's how
> >> >> >> we
> >> >> >> access it internally).
> >> >> >>
> >> >> >> However, for external access it has a host.adopenstatic.com FQDN.
> >> >> >> The
> >> >> >> certificate that I installed has a common name that matches
> >> >> >> host.adopenstatic.com
> >> >> >>
> >> >> >> Cheers
> >> >> >> Ken
> >> >> >>
> >> >> >> --
> >> >> >> My IIS Blog: www.adOpenStatic.com/cs/blogs/ken
> >> >> >>
> >> >> >>
> >> >> >> "Juha Kalliola"
> >> >> >> message
> >> >> >> news:E3EA499D-9666-4908-9FE3-1A975E1F9174@microsoft.com...
> >> >> >> > I got it working once. After I madeome changes but haven't got it
> >> >> >> > working
> >> >> >> > anymore.
> >> >> >> > I can accept and install certificates to my phone and that is not
> >> >> >> > the
> >> >> >> > problem.
> >> >> >> > The problem is on the server and with the certificate. And as I
> >> >> >> > mentioned
> >> >> >> > I
> >> >> >> > got it working once but not anymore.
> >> >> >> >
> >> >> >> > "Miha Pihler [MVP]" wrote:
> >> >> >> >
> >> >> >> >> Hi,
> >> >> >> >>
> >> >> >> >> Are you connecting to OWA over HTTPS (SSL)?
> >> >> >> >>
> >> >> >> >> The problem with some phones is that they will not allow (at
> >> >> >> >> least
> >> >> >> >> by
> >> >> >> >> default) to see the pages protected with certificates that they
> >> >> >> >> do
> >> >> >> >> not
> >> >> >> >> trust. So the simple solution is to buy a certificate from
> >> >> >> >> commercial
> >> >> >> >> CA
> >> >> >> >> server like Thawte or VeriSign.
> >> >> >> >>
> >> >> >> >> --
> >> >> >> >> Mike
> >> >> >> >> Microsoft MVP - Windows Security
> >> >> >> >>
> >> >> >> >> "Juha Kalliola"
> >> >> >> >> in
> >> >> >> >> message
> >> >> >> >> news:E9F7DD53-C84C-4E6D-BC9D-F414AC4B6F27@microsoft.com...
> >> >> >> >> > Hi,
> >> >> >> >> >
> >> >> >> >> > we are using SBS2003 with outlook web access and active sync.
> >> >> >> >> > I have been trying to make working certificate with more or
> >> >> >> >> > less
> >> >> >> >> > success.
> >> >> >> >> >
> >> >> >> >> > How should it be made.
> >> >> >> >> > Our sbs domain is with suffix .local. We have a public IP
> >> >> >> >> > address
> >> >> >> >> > for
> >> >> >> >> > our
> >> >> >> >> > server.
> >> >> >> >> > I can connect to OWA with public IP address. But how should
> >> >> >> >> > the
> >> >> >> >> > certificate
> >> >> >> >> > be made so I can use OMA in my mobile phone in this case?
> >> >> >> >>
> >> >> >> >>
> >> >> >> >>
> >> >> >>
> >> >> >>
> >> >> >>
> >> >>
> >> >>
> >> >>
> >>
> >>
> >>
>
>
>
Hi Ken,
I hope you still read this post.
I made a record on DNS somehost.itadmina.fi. (not actually that name) I made
a new certificate on DefaultWeb. Everything seems to be fine. When I go to
https://somehost.itadmina.fi from my home (for example) I can install the
certificate and it says issuer is somehost.itadmina.fi.
When I export the certificate for using in my phone, it says the issuer is
somehost.itadmina.local. When I install it to phone at set it trusted it is
not trusted. So this is my problem now. Why in my phone the same certificate
says that issuer is .local and in my desktop .fi?? I don't undertand.
Please help me if you can.
Best,
Juha
"Ken Schaefer" wrote:
> Hi,
>
> Your public domain (itadmin.fi) needs public DNS servers. This allows remote
> users to lookup hosts in the itadmin.fi domain, and find the associated IP
> addresses.
>
> When you registered the domain, you need to specify authorative DNS servers
> for the domain. Those are the public DNS servers for the domain. On those
> DNS servers you need to create an appropriate A (Alias) or CNAME (canonical
> name) record that points somehostname.itadmin.fi -> your public IP address.
>
> Cheers
> Ken
>
> "Juha Kalliola"
> news:69E77162-2D6F-4129-AA2A-B4FB734B1FC0@microsoft.com...
> > I'm sorry but I don't understand. If I give you details could you help me
> > out.
> >
> > Our server is "serveri.itadmina.local", it has a public IP address.
> > Our mailboxes and web server is on ISP. We use POP3 connector to collect
> > email from ISP to Exchange.
> >
> > Our registered domain is "itadmina.fi".
> > Where and what changes I must do on our internal server to have this FQDN
> > recorded there?
> >
> > "Bernard Cheah [MVP]" wrote:
> >
> >> The FQDN concept apply, so you need to create a Host record that match
> >> your
> >> cert common name and point it to your server.
> >>
> >> --
> >> Regards,
> >> Bernard Cheah
> >> http://www.iis-resources.com/
> >> http://www.iiswebcastseries.com/
> >> http://msmvps.com/blogs/bernard/
> >>
> >>
> >> "Juha Kalliola"
> >> news:18C65CF9-718F-4144-A268-C9F379A75840@microsoft.com...
> >> > Thanks Bernard,
> >> >
> >> > I have registered domain name. The article you included is about FTP.
> >> > How
> >> > does it help me in this case?
> >> >
> >> > Best,
> >> > Juha
> >> >
> >> > "Bernard Cheah [MVP]" wrote:
> >> >
> >> >> First, you need to register a domain...... then ......
> >> >> Read http://support.microsoft.com/?id=816525
> >> >>
> >> >> --
> >> >> Regards,
> >> >> Bernard Cheah
> >> >> http://www.iis-resources.com/
> >> >> http://www.iiswebcastseries.com/
> >> >> http://msmvps.com/blogs/bernard/
> >> >>
> >> >>
> >> >> "Juha Kalliola"
> >> >> message
> >> >> news:E132FB85-63A9-4BA8-AA03-E3BC891A4DEA@microsoft.com...
> >> >> > Thanks Ken,
> >> >> >
> >> >> > Could you tell me also how can I configure FQDN like yours to my SBS
> >> >> > server?
> >> >> > Where I configure it?
> >> >> >
> >> >> > Best,
> >> >> > Juha
> >> >> >
> >> >> > "Ken Schaefer" wrote:
> >> >> >
> >> >> >> Hi,
> >> >> >>
> >> >> >> The "common name" of the certificate should match whatever DNS name
> >> >> >> you
> >> >> >> are
> >> >> >> using in your phone to connect to the Server ActiveSync or OMA
> >> >> >> website.
> >> >> >>
> >> >> >> For example, my SBS server has in the .local domain (and that's how
> >> >> >> we
> >> >> >> access it internally).
> >> >> >>
> >> >> >> However, for external access it has a host.adopenstatic.com FQDN.
> >> >> >> The
> >> >> >> certificate that I installed has a common name that matches
> >> >> >> host.adopenstatic.com
> >> >> >>
> >> >> >> Cheers
> >> >> >> Ken
> >> >> >>
> >> >> >> --
> >> >> >> My IIS Blog: www.adOpenStatic.com/cs/blogs/ken
> >> >> >>
> >> >> >>
> >> >> >> "Juha Kalliola"
> >> >> >> message
> >> >> >> news:E3EA499D-9666-4908-9FE3-1A975E1F9174@microsoft.com...
> >> >> >> > I got it working once. After I madeome changes but haven't got it
> >> >> >> > working
> >> >> >> > anymore.
> >> >> >> > I can accept and install certificates to my phone and that is not
> >> >> >> > the
> >> >> >> > problem.
> >> >> >> > The problem is on the server and with the certificate. And as I
> >> >> >> > mentioned
> >> >> >> > I
> >> >> >> > got it working once but not anymore.
> >> >> >> >
> >> >> >> > "Miha Pihler [MVP]" wrote:
> >> >> >> >
> >> >> >> >> Hi,
> >> >> >> >>
> >> >> >> >> Are you connecting to OWA over HTTPS (SSL)?
> >> >> >> >>
> >> >> >> >> The problem with some phones is that they will not allow (at
> >> >> >> >> least
> >> >> >> >> by
> >> >> >> >> default) to see the pages protected with certificates that they
> >> >> >> >> do
> >> >> >> >> not
> >> >> >> >> trust. So the simple solution is to buy a certificate from
> >> >> >> >> commercial
> >> >> >> >> CA
> >> >> >> >> server like Thawte or VeriSign.
> >> >> >> >>
> >> >> >> >> --
> >> >> >> >> Mike
> >> >> >> >> Microsoft MVP - Windows Security
> >> >> >> >>
> >> >> >> >> "Juha Kalliola"
> >> >> >> >> in
> >> >> >> >> message
> >> >> >> >> news:E9F7DD53-C84C-4E6D-BC9D-F414AC4B6F27@microsoft.com...
> >> >> >> >> > Hi,
> >> >> >> >> >
> >> >> >> >> > we are using SBS2003 with outlook web access and active sync.
> >> >> >> >> > I have been trying to make working certificate with more or
> >> >> >> >> > less
> >> >> >> >> > success.
> >> >> >> >> >
> >> >> >> >> > How should it be made.
> >> >> >> >> > Our sbs domain is with suffix .local. We have a public IP
> >> >> >> >> > address
> >> >> >> >> > for
> >> >> >> >> > our
> >> >> >> >> > server.
> >> >> >> >> > I can connect to OWA with public IP address. But how should
> >> >> >> >> > the
> >> >> >> >> > certificate
> >> >> >> >> > be made so I can use OMA in my mobile phone in this case?
> >> >> >> >>
> >> >> >> >>
> >> >> >> >>
> >> >> >>
> >> >> >>
> >> >> >>
> >> >>
> >> >>
> >> >>
> >>
> >>
> >>
>
>
>