07-12-2009 11:06 AM - edited 03-18-2019 11:20 PM
Hi there,
From the Cisco docs that I can find that explains the procedure for setting up the Outlook integration with Presence, all of them describe setting up a certificate authority and creating a cert to be installed onto the presence server. This cert is then also installed into the exchange server so both the presence server and exchange server talk SSL.
The problem I think we have here is that our exchange servers already have external SSL certs installed. The certs are called webmail.<domain>.com to match the external DNS name that people use for OWA. The Cisco docs describe installing the cert into the Default Website of IIS on the exchange server, but this is where the other cert is, and you can't have two.
The only workaround I can think of is to set up an internal DNS record pointing webmail.<domain>.com at the internal IP address of the exchange server. Although this is not ideal, we'll do it if that's what needs to be done. I'm just wondering if that's the Cisco way??
Any help/advise greatly appreciated,
Thanks in advance,
Neil
Solved! Go to Solution.
07-13-2009 07:19 AM
There are two solutions:
#1 Create an internal dns record to point the external name to the internal ip address.
#2 You may get a certificate with "alternative name" attribute in it. You may put your internal name as "alternative name".
Michael
07-13-2009 06:33 AM
The whole purpose of the certificate is to set up SSL connection between CUPS and Exchange.
The certificate on Exchange (IIS) could be 3rd-party signed cert. It could also be local CA signed cert or self-signed cert.
Michael
07-13-2009 06:39 AM
Hi Michael,
thanks for the reply.
the cert is a 3rd party cert, the name of it matches the external name of the server - webmail.
My CUPS server is on the inside of the network, if I point the CUPS at the internal name of the server, the cert name is not going to match. If I point teh CUPS at the external name of the server, it will resolve to the public IP, therefore sending it out to the internet in order to come back in.
So do I just create an internal dns record to point the external name to the internal ip address?? Doesn't seem right to me??
Thanks again,
Neil
07-13-2009 07:19 AM
There are two solutions:
#1 Create an internal dns record to point the external name to the internal ip address.
#2 You may get a certificate with "alternative name" attribute in it. You may put your internal name as "alternative name".
Michael
07-13-2009 08:11 AM
thanks Michael.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: