# Solved: Exchange/OWA 2003 Help (certificates and external access)



## neil21stirling (Sep 12, 2007)

Hi guys,

forgive the long explanation but here's my problem,
Inherited an issue at my work with our Small business server, running exchange 2003 for the entire organisation.
My issue is that previously there was a self signed certificate in use for OWA etc, 
however some changes were recently made in the way of a server upgrade and change of broadband providers, which also called the the removal of ISA.

The domain for the server in question is using ".local" instead of a FQDN (which had been setup long before i started working for them) 
Access to OWA is fine both internal and external i.e. internal using //domain/exchange
external using https://81.1x1.2x4.2x6/exchange

which is fine as everyone can gain access, however there are alot of problems surrounding the certificate, which is out of date and obviously self signed anyway.
I do have access to gain fully trusted certificates for the site, however at the moment obviously our CSR file doesn't seem to have any of the below except the common name which is http://192.168.xxx.1/exchange
countryName = 
stateOrProvinceName = 
localityName = 
organizationName = 
organizationalUnitName = 
commonName = (only occupied field of information)

What i really need help with here is a decent explanation of how to possibly keep the ".local" domain name on the current server, allow for a external domain such as owa.domain.org.uk to be used for external access and have the CSR file recognise this information in order to use a trusted certificate.

All ideas welcome.
thanks


----------



## peterh40 (Apr 15, 2007)

You need to create a multi-name certificate with Alt-subject names listed, you have as many as you like including the .local names. 
The certificate wizard with IIS 6 can create certificates but can be problematic for more complex CSRs, I use a free tool called OpenSSL or you can use the Keytool.exe that comes with Java JRE, to create your certificates. See 
http://therowes.net/~greg/2008/01/08/creating-a-certificate-with-multiple-hostnames/


----------



## neil21stirling (Sep 12, 2007)

thanks for the info,
will look over the link you have given and get back to you with any results of what i try.


----------

