AllenM
Wed May 14 15:45:44 PDT 2008
I believe you are correct on that regarding the ports. I think the easiest way would be to get another FQDN so there's no confusion and then rekey my SSL using a different common name. Can I use the same IP for a different FQDN?

"Cris Hanna [SBS-MVP]" <crisnospamhanna@cpunospamservices.net> wrote in message news:e0%23UH4gtIHA.1872@TK2MSFTNGP04.phx.gbl...

The only issue I see is that for the new site, based on the previous responses
but if it's the same FQDN.com for all...the cert should work

externally it's https://FQDN.com:5050 but internally it's http://servername:8084 (WSS3.0) and this works

I think the ports have to match...someone else may know better

--
Cris Hanna [SBS-MVP]
-------------------------------------------------
Microsoft MVPs
Independent Experts (MVPs do not work for MS)
Real World Answers
---------------------------------------------------------
Please do not contact me directly regarding issues

"AllenM" <noreply@NoEmail.com> wrote in message news:OGpVbTgtIHA.2188@TK2MSFTNGP04.phx.gbl...
Thanks Chris. This may be the answer because according to godaddy they say they can view my certificate using OpenSSL and it shows I'm still using the self signed key even though I removed all keys from within MMC/Certificates. So I will try this. But before I do can I ask one more time if you think this godaddy certificate will work on

https://FQDN.com/exchange
https://FQDN.com/remote and
https://FQDN.com/:444

as well as working on

https://FQDN.com:5050

As of now everything works externally except the above and internally everything works including internal access to WSS 3.0 at http://servername:8084

"Cris Hanna [SBS-MVP]" <crisnospamhanna@cpunospamservices.net> wrote in message news:uxL%23UPgtIHA.3792@TK2MSFTNGP02.phx.gbl...
If you are wanting to use the godaddy cert for all sites
You need to re-run the CEICW and there you will get the option to use your go daddy cert, rather than the self signed cert

--
Cris Hanna [SBS-MVP]
-------------------------------------------------
Microsoft MVPs
Independent Experts (MVPs do not work for MS)
Real World Answers
---------------------------------------------------------
Please do not contact me directly regarding issues

"AllenM" <noreply@NoEmail.com> wrote in message news:ucc6OGgtIHA.5500@TK2MSFTNGP04.phx.gbl...
Here is my current environment:
SBS 2003 SP1
ISA 2004 SP2
MS Exch SP2

I've got all my sharepoint services websites published for external access and all work fine. I have a registered FQDN pointing to my external IP so that I can use to access my SSL site using the below listed links.

https://FQDN.com/exchange
https://FQDN.com/remote and
https://FQDN.com/:444

These all work just fine and dandy. I used a self signed certificate that I generated within SBS and this works fine. You get the website error when you first go to one of the above listed websites but once you install it the next time and thereafter everything is fine.

Recently I installed WSS 3.0 in a side by side install as recommended by MS. I went to godaddy and requested a web certificate. Got a great deal. 5 years for like 14.99 a year. Anyways I went through the whole process and created my CSR in IIS and sent it to godaddy.

Now here is where I think the problem exists. When creating the CSR to submit to godaddy for my SSL I used the same "COMMON NAME" that is used for the above websites. I thought this was ok because it was using a different SSL port. So when I try to go to the WSS 3.0 website externally I get the following.......

https://FQDN.com:5050 I get a page not found error. The error code is

Error Code: 500 Internal Server Error. The target principal name is incorrect.

Well after doing some researching and speaking with godaddy TS I was told that my SSL certificate from them still shows I'm using a self signed key as opposed to the private key issued to me by godaddy. They use the tool OpenSSL to view the certificate being used.

So I thought about it and discovered it has to be because my other SSL websites are using the self signed SSL certificate generated within SBS with the same name. So they suggested I get rid of these self signed keys and rekey another one for reissue. I went into the MMC/Certificates and under the Personal Certificates removed all gomajaro self signed certificates as well as the new godaddy one. I created a new CSR and rekeyed my web certificate and resubmitted using the same name as the common name. Applied to the WSS 3.0 website and made the appropriate changes in ISA. Still get the same error messages.
I can still access my old ssl websites

I can access internally http://companyweb (WSS2.0) as well as
http://servername:8084 (WSS3.0)

Now from the outside when I go to any one of the above ssl websites and view the certificate it shows publishing.domainname.local

Where am I going wrong and what do I need to do. Thanks for the assistance once again.
Allen
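
The certificate check the thread describes GoDaddy support doing with OpenSSL, as an added example that is not part of the original posts: for each HTTPS listener it reports the certificate subject and whether that certificate is self-signed or fails to match the name clients use. The function names and the port list are assumptions of this example, and it needs the openssl command-line tool (1.0.2 or later).

```shell
#!/bin/sh
# Added example (not from the thread): inspect the certificate each HTTPS
# listener presents. All function names here are hypothetical.

# cert_field FILE subject|issuer -> distinguished name in RFC 2253 form
cert_field() {
    openssl x509 -in "$1" -noout -nameopt RFC2253 "-$2" | sed "s/^$2= *//"
}

# cert_verdict FILE HOSTNAME -> ok | self-signed | name-mismatch | both
cert_verdict() {
    verdict=""
    # A self-signed certificate names itself as its own issuer.
    if [ "$(cert_field "$1" subject)" = "$(cert_field "$1" issuer)" ]; then
        verdict="self-signed"
    fi
    # -checkhost applies the SAN/CN matching a TLS client performs.
    if openssl x509 -in "$1" -noout -checkhost "$2" | grep -q "NOT match"; then
        verdict="${verdict:+$verdict,}name-mismatch"
    fi
    echo "${verdict:-ok}"
}

# fetch_cert HOST PORT FILE -> save the leaf certificate a listener presents
fetch_cert() {
    openssl s_client -connect "$1:$2" -servername "$1" </dev/null 2>/dev/null |
        openssl x509 -outform PEM >"$3" 2>/dev/null
}

# audit_listeners HOST PORT... -> one report line per port
# e.g. audit_listeners FQDN.com 443 444 5050
audit_listeners() {
    host=$1; shift
    for port in "$@"; do
        pem=$(mktemp)
        if fetch_cert "$host" "$port" "$pem"; then
            echo "$host:$port $(cert_field "$pem" subject) -> $(cert_verdict "$pem" "$host")"
        else
            echo "$host:$port no certificate retrieved"
        fi
        rm -f "$pem"
    done
}

# make_sample_cert FILE CN -> constructed self-signed cert for offline runs
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$1.key" -out "$1" 2>/dev/null
    rm -f "$1.key"
}
```

Run from outside the firewall, a listener that still answers with the internal self-signed certificate reports `self-signed,name-mismatch`, while one serving a CA-issued certificate for the public name reports `ok`.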