SSl and RPC
IRA (Guest)
Posted: Fri Jan 07, 2005 9:49 pm    Post subject: SSL and RPC

I'm about ready to pull my hair out. This RPC over HTTPS thing has really got me perplexed. I have issued a certificate from my own CA via my webserver. I downloaded the certificate from my webserver and double-clicked it to install it. It says that the import was successful. I rebooted the Exchange server, but still can't connect to the site (https://exchange.something.com/rpc). I tried installing the certificate on the client machine and it says that it could not validate the authority (fine... it's my own authority)... but that didn't work either. When I go back to IIS on the Exchange server... right-click on RPC and go to Directory Security, the buttons on the SSL section are grayed out except for Edit. If I go to the properties of the default website, it allows me to select Server Certificate, but doesn't show that I have one installed. What am I doing wrong!? I have read all I can find on RPC over HTTPS (single server) and followed all the directions to the letter. Any help would be greatly appreciated.

Thanks,
IRA

Tim Hackbart [MSFT] (Guest)
Posted: Sat Jan 08, 2005 6:50 am    Post subject: Re: SSL and RPC

You may be very close, I think you are failing on the Certificate verification.

Quote:
I tried installing the certificate on the client machine and it says that it could not validate the authority (fine... it's my own authority)...

Outlook 2003 uses the WinHTTP interface to make its RPC over HTTPS calls; this interface does not allow for the display of dialog boxes like WinInet does for Internet Explorer. Because of this fact the SSL Server Certificate that you use must be issued by a Trusted Root CA.

If you issue your own Cert, then you need to install the Trusted Root CA on
ALL the clients. This is not the same thing as the Server Cert.

So try installing the Root CA from your own CA on your client, then make sure that when you hit it with IE you do NOT get any type of prompts. I always access the server with HTTPS://Server.domain.com/rpc and make sure that I get prompted for credentials, then after providing credentials you should get a 403.2 error. Then I double-click on the SSL "Lock" at the bottom right of the IE window, make sure it is valid and then click on the Certification Path and make sure there are NO red X's in the path. You must have a clear certification path all the way up for this to work.

833401 "How to configure RPC over HTTP on a single server in Exchange Server 2003" (http://support.microsoft.com/?id=833401) is a great article and speaks to this issue under the "Configure the Outlook 2003 computer to use RPC over HTTP" topic:

3. If you receive a message that states that the certificate was issued by a company that you have not chosen to trust, make sure that the client computer trusts the root certification authority that issued the certificate.
Note: Typically, you receive this message when you do not configure the server to use a third-party certificate. For additional information about this issue, see the "#5: Recommendations when you use Exchange with RPC over HTTP" section.

I do hope this helps.

--
Tim Hackbart M.C.S.E.
This posting is provided "AS IS" with no warranties, and confers no rights.

Please do not send email directly to this alias. This alias is for newsgroup
purposes only.

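
The certification-path check described in the reply above, scripted with PowerShell and the .NET certificate classes so it can be repeated on each client. This is an added example, not part of the original posts or the KB article; the function names are hypothetical, and the host name in the usage comment is the one from the question.

```powershell
# Added example. Function names are illustrative, not from the thread or the KB article.
function Get-ServerCertificate {
    param([Parameter(Mandatory=$true)][string]$HostName, [int]$Port = 443)
    $tcp = New-Object System.Net.Sockets.TcpClient($HostName, $Port)
    try {
        # Accept whatever the server presents: this connection only retrieves the
        # certificate for inspection and is never used to send data.
        $acceptAll = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $acceptAll)
        $ssl.AuthenticateAsClient($HostName)
        New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
    } finally {
        $tcp.Close()
    }
}

function Test-CertificationPath {
    param([Parameter(Mandatory=$true)]
          [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate)
    # X509Chain builds the path against the Windows certificate stores of this machine.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    # Revocation checking is switched off so the result reflects trust only
    # (a choice made for this example).
    $chain.ChainPolicy.RevocationMode =
        [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
    $trusted = $chain.Build($Certificate)
    foreach ($element in $chain.ChainElements) {
        # One object per entry of the certification path, server certificate first.
        $status = ($element.ChainElementStatus | ForEach-Object { $_.Status }) -join ', '
        if (-not $status) { $status = 'OK' }
        New-Object PSObject -Property @{
            Subject = $element.Certificate.Subject
            Issuer  = $element.Certificate.Issuer
            Status  = $status
        }
    }
    if (-not $trusted) {
        # UntrustedRoot: the root CA is not in Trusted Root Certification Authorities.
        # PartialChain: the issuing CA certificate could not be found at all.
        $reasons = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
        Write-Warning "Certification path is not trusted on this machine: $reasons"
    }
}

# Run on the Outlook client, with the host name used in the question:
# Test-CertificationPath (Get-ServerCertificate 'exchange.something.com')
```

Every row should report `OK` with no warning once the root CA certificate is installed on the client; a row showing `UntrustedRoot` is the scripted equivalent of a red X in the Certification Path tab.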