Tuesday, March 13, 2012

Outlook Anywhere With Self Signed Certificates

General consensus seems to be that you need a proper certificate from a trusted authority before you can get outlook anywhere working. Don't believe them because you can have OWA with a self signed cert.

It's a matter of matching the CN with the address in the url/outlook account. In Exchange shell you'll need a new certificate if they dont yet match:

New-ExchangeCertificate -PrivateKeyExportable $True -Services “IMAP, POP, IIS, SMTP” -SubjectName “cn=external.domain.name"

Enable the certificate and ensure all services are enabled on it.
Enable-ExchangeCertificate -Thumbprint [THUMBPRINT FROM NEW CERT]

Check certs and they're services:

Get-ExchangeCertificate |FL 

Then  import the certificate from IE into your 'Trusted Root Certificate Store".

Should work then..

The assumption is that you have a static IP for your exchange box, but what if you're using a dynamic one with something like dyndns? You'll need to map your OWA domain to whatever the CN your exchange cert is using. Here's a batch file to map a domain of your choice to any other IP based on it's ping result.

Logic as follows:

1. Ping dyndns domain to get current dynamic IP
2. Write IP to host file and map to domain of choice.
3. Put batch file in startup to have updated always in host file

Note: disable UAC in Vista/7

Paste in .bat and replace 'server.to.ping' and 'host.name.in.certificate.org':

@echo off
setlocal EnableDelayedExpansion
set myServer=server.to.ping

for /f "tokens=1,2 delims=[]" %%a IN ('ping -n 1 !myServer!') DO (
 if "%%b" NEQ "" set ip=%%b

echo %ip%>newip.txt

pushd "%systemroot%\system32\drivers\etc"
type hosts|find /i /v "#zzz" > hosts.new
move "%cd%\hosts.new" "%cd%\hosts"
for /f "usebackq" %%a in ("C:\newip.txt") do (
>>hosts echo %%a      host.name.in.certificate.org #zzz.

No comments:

Post a Comment