jmr
Posts: 5383
Location: Brisbane, Queensland
|
Hey guys,
I have recently got a new certificate for a friend for whom I am setting up RPC over HTTPS. Now I had it working externally, i.e. to the FQDN, but now, after installing a certified certificate, it is only working internally, while on the LAN running the MSFWC. I really wanna try and get this fixed before Christmas so that people can roam, so if anyone can help me shed some light I would really appreciate it. Happy to pay if it's required.
|||||||
| #0 10:49pm 18/12/07 |
|
|
teq
Posts: 692
Location: Brisbane, Queensland
|
Got multiple virtual hosts set up? i.e. one on your 192.168.x (or whatever) and the outside/external interface?
What IP is the SSL bound to? It will need to be bound to the external IP rather than the internal. What you might be able to do as an interim fix is run some kind of proxy/port forwarding so that as far as the Windows box is concerned, all connections are coming from a LAN address.
|||||||
| #1 12:30am 19/12/07 |
|
|||||||
|
`ViPER`
Posts: 271
Location: Brisbane, Queensland
|
The SSL would have been made for a specific domain; if that doesn't match the external domain it won't work.
|
|||||||
| #2 08:13am 19/12/07 |
|
|||||||
|
jmr
Posts: 5384
Location: Brisbane, Queensland
|
See, the weird thing is, the SSL certificate has been made for the external domain name, mail.thecompany.net.au, and that is what has been entered in Outlook for the HTTPS server.
It works internally, which it wasn't previously, i.e. ISA wouldn't let RPC traffic through 443 go to an external address, so I entered in another reverse lookup zone for the server as its external IP, and now it works internally. Externally though it looks to be just timing out or something. Browsing to http://mail.companyname.net.au/rpc produces the right 403 results, and webmail works fine through https://mail.companyname.net.au/exchange. Got me buggered :(
|||||||
| #3 01:21pm 19/12/07 |
|
|||||||
|
TicMan
Posts: 2972
Location: Brisbane, Queensland
|
Are you port forwarding 443 to the internal IP, using DNAT or does the Exchange box have its own external IP?
|
|||||||
| #4 01:24pm 19/12/07 |
|
|||||||
|
jmr
Posts: 5387
Location: Brisbane, Queensland
|
It's got an external IP.
It's actually running SBS, connected directly to the router as a DMZ.
|||||||
| #5 02:56pm 19/12/07 |
|
|||||||
|
TicMan
Posts: 2973
Location: Brisbane, Queensland
|
Check in IIS that the SSL is listening on the external IP (and internal IP or all IPs).
|
|||||||
| #6 02:56pm 19/12/07 |
|
|||||||
|
jmr
Posts: 5390
Location: Brisbane, Queensland
|
Ya tis.
Otherwise https://mail.companyname.net.au wouldn't work? Bizarre thing is that it was all working fine before I replaced the certificate with a trusted one (i.e. not issued by itself). I haven't changed any of the ISA server rules, etc. ISA should pull its certificates from the Windows certificate store, shouldn't it? I've removed all the redundant certs so it shouldn't be getting confused there.
last edited by jmr at 15:51:33 19/Dec/07
|||||||
| #7 03:51pm 19/12/07 |
|