If you use a commercial SSL certificate for your organization's Outlook Web Access (OWA), you will have to manually change the certificate OWA uses, since by default OWA uses a self-signed certificate.
When you do that, you need to enable the new certificate for Exchange 2007 services. You do that with the Enable-ExchangeCertificate cmdlet in the Exchange Management Shell. First:
Get-ExchangeCertificate | fl Subject, Thumbprint, Services
... to get the thumbprint of the certificate that you previously imported into IIS and now want to enable for IIS. Then:
Enable-ExchangeCertificate -Thumbprint (COPYTHECORRECTTHUMBPRINTFROMPREVIOUSCOMMAND) -Services IIS
Now that your certificate is in place and enabled for IIS services, you need to change the internal URLs to use the new FQDN named in your certificate. If you don't, you will get the "The name of the security certificate is invalid or does not match the name of the site" warning when you start Outlook 2007. Let's presume your CAS server's name is CASSRV and the FQDN of the certificate is mail.exchangelog.info. To change the internal URLs, run the following commands:
Set-ClientAccessServer -Identity CASSRV -AutodiscoverServiceInternalUri https://mail.exchangelog.info/autodiscover/autodiscover.xml
Set-WebServicesVirtualDirectory -Identity "CASSRV\EWS (Default Web Site)" -InternalUrl https://mail.exchangelog.info/ews/exchange.asmx
Set-OABVirtualDirectory -Identity "CASSRV\OAB (Default Web Site)" -InternalUrl https://mail.exchangelog.info/oab
Set-UMVirtualDirectory -Identity "CASSRV\unifiedmessaging (Default Web Site)" -InternalUrl https://mail.exchangelog.info/unifiedmessaging/service.asmx
I suggest that you run Get-WILLBEUSEDCOMMAND before you run the matching Set- command, where WILLBEUSEDCOMMAND is the command you plan to use, so that you always check and write down the current settings before you start changing things.
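The following script is an added example, not part of the original post. It records the four internal URLs and checks that each host name appears on the certificate enabled for IIS, which is the condition behind the name mismatch warning. The output file path and the helper name Test-NameCovered are assumptions; CASSRV and the virtual directory identities are the sample names used above.

```powershell
# Added example. Run in the Exchange Management Shell.
# CASSRV and the virtual directory identities are the sample names from this post.
$cas = 'CASSRV'

# True when $hostName is listed on the certificate, either exactly or through
# a wildcard entry (a wildcard covers exactly one leading label).
function Test-NameCovered($hostName, $domains) {
    foreach ($d in $domains) {
        if ($d -eq $hostName) { return $true }
        if ($d.StartsWith('*.') -and $hostName.Contains('.')) {
            $parent = $hostName.Substring($hostName.IndexOf('.'))
            if ($parent -eq $d.Substring(1)) { return $true }
        }
    }
    return $false
}

# Read the four internal URLs that the Set- commands change.
$urls = @(
    (Get-ClientAccessServer -Identity $cas).AutoDiscoverServiceInternalUri
    (Get-WebServicesVirtualDirectory -Identity "$cas\EWS (Default Web Site)").InternalUrl
    (Get-OABVirtualDirectory -Identity "$cas\OAB (Default Web Site)").InternalUrl
    (Get-UMVirtualDirectory -Identity "$cas\unifiedmessaging (Default Web Site)").InternalUrl
)
$urls = @($urls | Where-Object { $_ })   # drop URLs that are not set

# Keep a record of the current values (the file name is an assumption).
$urls | ForEach-Object { "$_" } | Out-File "$env:TEMP\cas-internal-urls.txt"

# Names on the certificate(s) currently enabled for IIS.
$names = @(Get-ExchangeCertificate |
    Where-Object { $_.Services.ToString() -match 'IIS' } |
    ForEach-Object { $_.CertificateDomains } |
    ForEach-Object { $_.ToString() })

foreach ($u in $urls) {
    $hostName = ([System.Uri]"$u").Host
    if (Test-NameCovered $hostName $names) {
        "OK        $u"
    } else {
        "MISMATCH  $u ($hostName is not on the IIS certificate)"
    }
}
```

Run it once before the Set- commands to capture the old values, and again afterwards to confirm that every line reports OK.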
Related article: http://support.microsoft.com/default.aspx/kb/940726