Certificate Problems....need info

Hi Folks. I'm trying to setup my certificate on our server running
Server Standard 2003 R2. I setup the certificate for
example.example.com which points to our server. I get the prompt to
continue from IE 7 and then I install the certificate in the trusted
root certificate authorities just like any other but this one never
sticks. I get use OWA just fine once I accept to continue. The next
time I go back to the site I have to "continue" again like it doesn't
know the cert is installed and if I go to install it again it acts
like the first time and has the "Install Certificate" button still.
Every other site I install the certificate from goes right into the
site and I never get asked about it again. Also, I cannot connect any
smart phones to the server for mobile email access. I can do this on
our SBS server but not the standard server. I don't have to do
anything in the SBS except go through the wizard and it makes the cert
so I don't know what I am doing wrong when I am doing it through the
standard server. I go to add/remove programs and add the certificate
service as desribe in this article (http://www.msexchange.org/
tutorials/SSL-Enabling-OWA-2003-Using-Free-3rdParty-
Certificate.html). Any help would be much appreciated. Thanks!

In news:5092e5a8-206e-440a-9908-(E-Mail Removed),
ridergroov <(E-Mail Removed)> typed:
> Hi Folks. I'm trying to setup my certificate on our server running
> Server Standard 2003 R2. I setup the certificate for
> example.example.com which points to our server. I get the prompt to
> continue from IE 7 and then I install the certificate in the trusted
> root certificate authorities just like any other but this one never
> sticks. I get use OWA just fine once I accept to continue. The next
> time I go back to the site I have to "continue" again like it doesn't
> know the cert is installed and if I go to install it again it acts
> like the first time and has the "Install Certificate" button still.
> Every other site I install the certificate from goes right into the
> site and I never get asked about it again. Also, I cannot connect any
> smart phones to the server for mobile email access. I can do this on
> our SBS server but not the standard server. I don't have to do
> anything in the SBS except go through the wizard and it makes the cert
> so I don't know what I am doing wrong when I am doing it through the
> standard server. I go to add/remove programs and add the certificate
> service as desribe in this article (http://www.msexchange.org/
> tutorials/SSL-Enabling-OWA-2003-Using-Free-3rdParty-
> Certificate.html). Any help would be much appreciated. Thanks!

You have to actually install the CA's Root cert in the Trusted Roots store
and not the website's cert. To do that you must first export the Root cert
in the Cert Server's console, then copy that over to your machine or any
other machine, then import it in the Root store.

Ace
--
Regards,
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT,
MVP Microsoft MVP - Directory Services
Microsoft Certified Trainer

Infinite Diversities in Infinite Combinations

On Dec 23, 3:10 am, "Ace Fekay [MVP]" <PleaseAs...@SomeDomain.com>
wrote:
> Innews:5092e5a8-206e-440a-9908-(E-Mail Removed),
> ridergroov <ridergro...@comcast.net> typed:
>
>
>
> > Hi Folks. I'm trying to setup my certificate on our server running
> > Server Standard 2003 R2. I setup the certificate for
> > example.example.com which points to our server. I get the prompt to
> > continue from IE 7 and then I install the certificate in the trusted
> > root certificate authorities just like any other but this one never
> > sticks. I get use OWA just fine once I accept to continue. The next
> > time I go back to the site I have to "continue" again like it doesn't
> > know the cert is installed and if I go to install it again it acts
> > like the first time and has the "Install Certificate" button still.
> > Every other site I install the certificate from goes right into the
> > site and I never get asked about it again. Also, I cannot connect any
> > smart phones to the server for mobile email access. I can do this on
> > our SBS server but not the standard server. I don't have to do
> > anything in the SBS except go through the wizard and it makes the cert
> > so I don't know what I am doing wrong when I am doing it through the
> > standard server. I go to add/remove programs and add the certificate
> > service as desribe in this article (http://www.msexchange.org/
> > tutorials/SSL-Enabling-OWA-2003-Using-Free-3rdParty-
> > Certificate.html). Any help would be much appreciated. Thanks!
>
> You have to actually install the CA's Root cert in the Trusted Roots store
> and not the website's cert. To do that you must first export the Root cert
> in the Cert Server's console, then copy that over to your machine or any
> other machine, then import it in the Root store.
>
> Ace
> --
> Regards,
> Ace
>
> This posting is provided "AS-IS" with no warranties or guarantees and
> confers no rights.
>
> Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT,
> MVP Microsoft MVP - Directory Services
> Microsoft Certified Trainer
>
> Infinite Diversities in Infinite Combinations

Ace,

Thanks first for the reply. I have been struggling with this for some
time. My first question is why do I have to do this with my 03
standard server to get it to work and why do I not have to do this
when I use the cert from our SBS box? I just export the one from the
SBS machine right from the browser and it works on all machines and
all devices. Secondly, how do I do this? Thank you for your time.

In news:ddcdccdb-fd66-4c55-bf83-(E-Mail Removed),
ridergroov <(E-Mail Removed)> typed:

> Ace,
>
> Thanks first for the reply. I have been struggling with this for some
> time. My first question is why do I have to do this with my 03
> standard server to get it to work and why do I not have to do this
> when I use the cert from our SBS box? I just export the one from the
> SBS machine right from the browser and it works on all machines and
> all devices. Secondly, how do I do this? Thank you for your time.

SBS is a different animal but if al machines are part of a domain, the
domain's CA is automatically trusted. With any machine outside of the
domain, it will not be aware of the Root CA of a private CA. For example,
look in IE, Content tab, Certificates, trusted Root cert tab, and you can
see all the publically trusted CAs. You have to get the cert from the Root
CA into this list.

Are you asking how to do this? Go to your Certificate Server snapin, export
a copy of the Root CA's cert. Go to a machine, and in the area that I
mentioned above, import it in and choose the Root store.

Here's an example from Dartmouth College's instructions:
http://www.dartmouth.edu/comp/suppor.../wireless.html

Ace