Problems with Certificate Services and OWA

Archived from groups: microsoft.public.exchange.clients,microsoft.public.exchange2000.general,microsoft.public.win2000.general (More info?)

Our Exchange 2003 server was running on a Windows 2000 Server, using OWA
with forms-based authentication and was setup as a Certificate Authority.
We suffered a bad system crash that resulting in me having to reinstall
Windows and Exchange using the Disaster Recovery option, and then restoring
Information Stores from backup.

After restoring the server to fully working order, I needed to setup OWA to
use SSL for forms-based authentication. So, I installed Certificate
Services on this server, as I did before, and made it the Enterprise Root
CA. It gave a prompt that there was already a server with the same name
setup as a CA root so I clicked the option to overwrite this. I installed
the certificate as Microsoft explains in the knowledgebase articles, and
everything looks right. However, when trying to access the HTTPS address
for OWA, I get a page cannot be found. I have imported the certificate into
IIS...am I overlooking something?

Please assist if at all possible, thanks.

-Tim Nichols
MCP
8 answers Last reply
More about problems certificate services
  1. Archived from groups: microsoft.public.exchange.clients,microsoft.public.exchange2000.general,microsoft.public.win2000.general (More info?)

    You may have to set the SSL port in IIS. Sometimes it blank on a new
    install. Set it to 443.

    "Tim Nichols" <tnichols@NOSPAMtoyodatrw.com> wrote in message
    news:ObJ%2390FbFHA.3280@TK2MSFTNGP09.phx.gbl...
    > Our Exchange 2003 server was running on a Windows 2000 Server, using OWA
    > with forms-based authentication and was setup as a Certificate Authority.
    > We suffered a bad system crash that resulting in me having to reinstall
    > Windows and Exchange using the Disaster Recovery option, and then
    restoring
    > Information Stores from backup.
    >
    > After restoring the server to fully working order, I needed to setup OWA
    to
    > use SSL for forms-based authentication. So, I installed Certificate
    > Services on this server, as I did before, and made it the Enterprise Root
    > CA. It gave a prompt that there was already a server with the same name
    > setup as a CA root so I clicked the option to overwrite this. I installed
    > the certificate as Microsoft explains in the knowledgebase articles, and
    > everything looks right. However, when trying to access the HTTPS address
    > for OWA, I get a page cannot be found. I have imported the certificate
    into
    > IIS...am I overlooking something?
    >
    > Please assist if at all possible, thanks.
    >
    > -Tim Nichols
    > MCP
    >
    >
  2. Archived from groups: microsoft.public.exchange.clients,microsoft.public.exchange2000.general,microsoft.public.win2000.general (More info?)

    PS: If it did set it up in IIS on another website, but not the one for OWA,
    you *MAY* have to close your broswer and try again after you turn port 443
    on in the OWA website.

    IE funkeyness.

    "Terry" <ttrapp.spam.me.not@org.insurors.r3m0v3m3> wrote in message
    news:3d96a$42a74618$45264c04$4970@NEWSOUTH.NET...
    > You may have to set the SSL port in IIS. Sometimes it blank on a new
    > install. Set it to 443.
    >
    > "Tim Nichols" <tnichols@NOSPAMtoyodatrw.com> wrote in message
    > news:ObJ%2390FbFHA.3280@TK2MSFTNGP09.phx.gbl...
    > > Our Exchange 2003 server was running on a Windows 2000 Server, using OWA
    > > with forms-based authentication and was setup as a Certificate
    Authority.
    > > We suffered a bad system crash that resulting in me having to reinstall
    > > Windows and Exchange using the Disaster Recovery option, and then
    > restoring
    > > Information Stores from backup.
    > >
    > > After restoring the server to fully working order, I needed to setup OWA
    > to
    > > use SSL for forms-based authentication. So, I installed Certificate
    > > Services on this server, as I did before, and made it the Enterprise
    Root
    > > CA. It gave a prompt that there was already a server with the same name
    > > setup as a CA root so I clicked the option to overwrite this. I
    installed
    > > the certificate as Microsoft explains in the knowledgebase articles, and
    > > everything looks right. However, when trying to access the HTTPS
    address
    > > for OWA, I get a page cannot be found. I have imported the certificate
    > into
    > > IIS...am I overlooking something?
    > >
    > > Please assist if at all possible, thanks.
    > >
    > > -Tim Nichols
    > > MCP
    > >
    > >
    >
    >
  3. Archived from groups: microsoft.public.exchange.clients,microsoft.public.exchange2000.general,microsoft.public.win2000.general (More info?)

    Terry-

    Thank you for your fast response. I just checked and yes, the port in IIS
    is set to 443, so I don't think that is the issue. I still get the Page
    cannot be displayed screen when I try to pull it up.

    Could there be a problem with the Certificate Authority in Active Directory
    since the original server crashed?

    -Tim

    "Terry" <ttrapp.spam.me.not@org.insurors.r3m0v3m3> wrote in message
    news:3d96a$42a74618$45264c04$4970@NEWSOUTH.NET...
    > You may have to set the SSL port in IIS. Sometimes it blank on a new
    > install. Set it to 443.
    >
    > "Tim Nichols" <tnichols@NOSPAMtoyodatrw.com> wrote in message
    > news:ObJ%2390FbFHA.3280@TK2MSFTNGP09.phx.gbl...
    >> Our Exchange 2003 server was running on a Windows 2000 Server, using OWA
    >> with forms-based authentication and was setup as a Certificate Authority.
    >> We suffered a bad system crash that resulting in me having to reinstall
    >> Windows and Exchange using the Disaster Recovery option, and then
    > restoring
    >> Information Stores from backup.
    >>
    >> After restoring the server to fully working order, I needed to setup OWA
    > to
    >> use SSL for forms-based authentication. So, I installed Certificate
    >> Services on this server, as I did before, and made it the Enterprise Root
    >> CA. It gave a prompt that there was already a server with the same name
    >> setup as a CA root so I clicked the option to overwrite this. I
    >> installed
    >> the certificate as Microsoft explains in the knowledgebase articles, and
    >> everything looks right. However, when trying to access the HTTPS address
    >> for OWA, I get a page cannot be found. I have imported the certificate
    > into
    >> IIS...am I overlooking something?
    >>
    >> Please assist if at all possible, thanks.
    >>
    >> -Tim Nichols
    >> MCP
    >>
    >>
    >
    >
  4. Archived from groups: microsoft.public.exchange.clients,microsoft.public.exchange2000.general,microsoft.public.win2000.general (More info?)

    Tim,
    There may be a conflict if you have the old CA certificate loaded on the
    workstations.You may have to remove the old cert. IE is *REALLY* bad about
    reporting SSL certificate problems. Often it will simply hang and then
    display the "The page cannot be displayed" error.

    I often use Firefox as a diagnostic utility for looking at SSL certificate
    problems. Give it a try. If it simply reports that it does not know who the
    CA is, but works anyway after you tell it to accept the certificate, I
    suspect that you will need to reinstall the cert for the workstation(s).

    --Terry

    "Tim Nichols" <tnichols@NOSPAMtoyodatrw.com> wrote in message
    news:edaPvWGbFHA.720@TK2MSFTNGP15.phx.gbl...
    > Terry-
    >
    > Thank you for your fast response. I just checked and yes, the port in IIS
    > is set to 443, so I don't think that is the issue. I still get the Page
    > cannot be displayed screen when I try to pull it up.
    >
    > Could there be a problem with the Certificate Authority in Active
    Directory
    > since the original server crashed?
    >
    > -Tim
  5. Archived from groups: microsoft.public.exchange.clients,microsoft.public.exchange2000.general,microsoft.public.win2000.general (More info?)

    Terry-

    You were right on the money. Firefox gave me a much more detailed error
    message. This is what it displays:

    Alert
    Could not establish an encrypted connection because certificate presented by
    <serverA> is invalid or corrupted. Error Code: -8102

    What do you think?

    -Tim

    "Terry" <ttrapp.spam.me.not@org.insurors.r3m0v3m3> wrote in message
    news:a1d2d$42a75f9a$45264c04$31991@NEWSOUTH.NET...
    > Tim,
    > There may be a conflict if you have the old CA certificate loaded on
    > the
    > workstations.You may have to remove the old cert. IE is *REALLY* bad about
    > reporting SSL certificate problems. Often it will simply hang and then
    > display the "The page cannot be displayed" error.
    >
    > I often use Firefox as a diagnostic utility for looking at SSL certificate
    > problems. Give it a try. If it simply reports that it does not know who
    > the
    > CA is, but works anyway after you tell it to accept the certificate, I
    > suspect that you will need to reinstall the cert for the workstation(s).
    >
    > --Terry
    >
    > "Tim Nichols" <tnichols@NOSPAMtoyodatrw.com> wrote in message
    > news:edaPvWGbFHA.720@TK2MSFTNGP15.phx.gbl...
    >> Terry-
    >>
    >> Thank you for your fast response. I just checked and yes, the port in
    >> IIS
    >> is set to 443, so I don't think that is the issue. I still get the Page
    >> cannot be displayed screen when I try to pull it up.
    >>
    >> Could there be a problem with the Certificate Authority in Active
    > Directory
    >> since the original server crashed?
    >>
    >> -Tim
    >
    >
  6. Archived from groups: microsoft.public.exchange.clients,microsoft.public.exchange2000.general,microsoft.public.win2000.general (More info?)

    Tim-

    Well, I must admit I have never used the CA in Windows to sign SSL
    certificates.I use OpenSSL to self sign my certificates. But this is what I
    would do. Remove the certificate from IIS. Create a new certificate request,
    sign it and install the signed certificate.

    Hope that helps. Let me know.

    Terry Trapp


    "Tim Nichols" <tnichols@NOSPAMtoyodatrw.com> wrote in message
    news:e7pGxRPbFHA.2996@TK2MSFTNGP10.phx.gbl...
    > Terry-
    >
    > You were right on the money. Firefox gave me a much more detailed error
    > message. This is what it displays:
    >
    > Alert
    > Could not establish an encrypted connection because certificate presented
    by
    > <serverA> is invalid or corrupted. Error Code: -8102
    >
    > What do you think?
    >
    > -Tim
    >
    > "Terry" <ttrapp.spam.me.not@org.insurors.r3m0v3m3> wrote in message
    > news:a1d2d$42a75f9a$45264c04$31991@NEWSOUTH.NET...
    > > Tim,
    > > There may be a conflict if you have the old CA certificate loaded on
    > > the
    > > workstations.You may have to remove the old cert. IE is *REALLY* bad
    about
    > > reporting SSL certificate problems. Often it will simply hang and then
    > > display the "The page cannot be displayed" error.
    > >
    > > I often use Firefox as a diagnostic utility for looking at SSL
    certificate
    > > problems. Give it a try. If it simply reports that it does not know who
    > > the
    > > CA is, but works anyway after you tell it to accept the certificate, I
    > > suspect that you will need to reinstall the cert for the workstation(s).
    > >
    > > --Terry
    > >
    > > "Tim Nichols" <tnichols@NOSPAMtoyodatrw.com> wrote in message
    > > news:edaPvWGbFHA.720@TK2MSFTNGP15.phx.gbl...
    > >> Terry-
    > >>
    > >> Thank you for your fast response. I just checked and yes, the port in
    > >> IIS
    > >> is set to 443, so I don't think that is the issue. I still get the
    Page
    > >> cannot be displayed screen when I try to pull it up.
    > >>
    > >> Could there be a problem with the Certificate Authority in Active
    > > Directory
    > >> since the original server crashed?
    > >>
    > >> -Tim
    > >
    > >
    >
    >
  7. Archived from groups: microsoft.public.exchange.clients,microsoft.public.exchange2000.general,microsoft.public.win2000.general (More info?)

    Terry-

    That worked. Rather than using the existing certificate (which I did the
    first time), I requested a new certificate, after removing the certificate
    that wasn't working. This appears to have fixed the problem.

    Thanks for your help. Certificate Services and security are not my cup of
    tea, but I am learning.

    -Tim

    "Terry" <ttrapp.spam.me.not@org.insurors.r3m0v3m3> wrote in message
    news:92223$42a862bf$45264c04$32646@NEWSOUTH.NET...
    > Tim-
    >
    > Well, I must admit I have never used the CA in Windows to sign SSL
    > certificates.I use OpenSSL to self sign my certificates. But this is what
    > I
    > would do. Remove the certificate from IIS. Create a new certificate
    > request,
    > sign it and install the signed certificate.
    >
    > Hope that helps. Let me know.
    >
    > Terry Trapp
    >
    >
    > "Tim Nichols" <tnichols@NOSPAMtoyodatrw.com> wrote in message
    > news:e7pGxRPbFHA.2996@TK2MSFTNGP10.phx.gbl...
    >> Terry-
    >>
    >> You were right on the money. Firefox gave me a much more detailed error
    >> message. This is what it displays:
    >>
    >> Alert
    >> Could not establish an encrypted connection because certificate presented
    > by
    >> <serverA> is invalid or corrupted. Error Code: -8102
    >>
    >> What do you think?
    >>
    >> -Tim
    >>
    >> "Terry" <ttrapp.spam.me.not@org.insurors.r3m0v3m3> wrote in message
    >> news:a1d2d$42a75f9a$45264c04$31991@NEWSOUTH.NET...
    >> > Tim,
    >> > There may be a conflict if you have the old CA certificate loaded on
    >> > the
    >> > workstations.You may have to remove the old cert. IE is *REALLY* bad
    > about
    >> > reporting SSL certificate problems. Often it will simply hang and then
    >> > display the "The page cannot be displayed" error.
    >> >
    >> > I often use Firefox as a diagnostic utility for looking at SSL
    > certificate
    >> > problems. Give it a try. If it simply reports that it does not know who
    >> > the
    >> > CA is, but works anyway after you tell it to accept the certificate, I
    >> > suspect that you will need to reinstall the cert for the
    >> > workstation(s).
    >> >
    >> > --Terry
    >> >
    >> > "Tim Nichols" <tnichols@NOSPAMtoyodatrw.com> wrote in message
    >> > news:edaPvWGbFHA.720@TK2MSFTNGP15.phx.gbl...
    >> >> Terry-
    >> >>
    >> >> Thank you for your fast response. I just checked and yes, the port in
    >> >> IIS
    >> >> is set to 443, so I don't think that is the issue. I still get the
    > Page
    >> >> cannot be displayed screen when I try to pull it up.
    >> >>
    >> >> Could there be a problem with the Certificate Authority in Active
    >> > Directory
    >> >> since the original server crashed?
    >> >>
    >> >> -Tim
    >> >
    >> >
    >>
    >>
    >
    >
  8. Archived from groups: microsoft.public.win2000.general,microsoft.public.exchange.clients,microsoft.public.exchange2000.general (More info?)

    Could you please tell me where I can obtain the firefox diagonostic utility
    as I am having the same problem i.e. cannot access my owa site from internet
    and have checked with my ISP who say they do not block my SSL.
    SSOR

    "Tim Nichols" wrote:

    > Terry-
    >
    > That worked. Rather than using the existing certificate (which I did the
    > first time), I requested a new certificate, after removing the certificate
    > that wasn't working. This appears to have fixed the problem.
    >
    > Thanks for your help. Certificate Services and security are not my cup of
    > tea, but I am learning.
    >
    > -Tim
    >
    > "Terry" <ttrapp.spam.me.not@org.insurors.r3m0v3m3> wrote in message
    > news:92223$42a862bf$45264c04$32646@NEWSOUTH.NET...
    > > Tim-
    > >
    > > Well, I must admit I have never used the CA in Windows to sign SSL
    > > certificates.I use OpenSSL to self sign my certificates. But this is what
    > > I
    > > would do. Remove the certificate from IIS. Create a new certificate
    > > request,
    > > sign it and install the signed certificate.
    > >
    > > Hope that helps. Let me know.
    > >
    > > Terry Trapp
    > >
    > >
    > > "Tim Nichols" <tnichols@NOSPAMtoyodatrw.com> wrote in message
    > > news:e7pGxRPbFHA.2996@TK2MSFTNGP10.phx.gbl...
    > >> Terry-
    > >>
    > >> You were right on the money. Firefox gave me a much more detailed error
    > >> message. This is what it displays:
    > >>
    > >> Alert
    > >> Could not establish an encrypted connection because certificate presented
    > > by
    > >> <serverA> is invalid or corrupted. Error Code: -8102
    > >>
    > >> What do you think?
    > >>
    > >> -Tim
    > >>
    > >> "Terry" <ttrapp.spam.me.not@org.insurors.r3m0v3m3> wrote in message
    > >> news:a1d2d$42a75f9a$45264c04$31991@NEWSOUTH.NET...
    > >> > Tim,
    > >> > There may be a conflict if you have the old CA certificate loaded on
    > >> > the
    > >> > workstations.You may have to remove the old cert. IE is *REALLY* bad
    > > about
    > >> > reporting SSL certificate problems. Often it will simply hang and then
    > >> > display the "The page cannot be displayed" error.
    > >> >
    > >> > I often use Firefox as a diagnostic utility for looking at SSL
    > > certificate
    > >> > problems. Give it a try. If it simply reports that it does not know who
    > >> > the
    > >> > CA is, but works anyway after you tell it to accept the certificate, I
    > >> > suspect that you will need to reinstall the cert for the
    > >> > workstation(s).
    > >> >
    > >> > --Terry
    > >> >
    > >> > "Tim Nichols" <tnichols@NOSPAMtoyodatrw.com> wrote in message
    > >> > news:edaPvWGbFHA.720@TK2MSFTNGP15.phx.gbl...
    > >> >> Terry-
    > >> >>
    > >> >> Thank you for your fast response. I just checked and yes, the port in
    > >> >> IIS
    > >> >> is set to 443, so I don't think that is the issue. I still get the
    > > Page
    > >> >> cannot be displayed screen when I try to pull it up.
    > >> >>
    > >> >> Could there be a problem with the Certificate Authority in Active
    > >> > Directory
    > >> >> since the original server crashed?
    > >> >>
    > >> >> -Tim
    > >> >
    > >> >
    > >>
    > >>
    > >
    > >
    >
    >
    >
Ask a new question

Read More

Microsoft Certificate Servers Windows