09-04-2013 01:11 AM
Dear's,
I need to configure SSL in EV, externally as well as internally so as to allow only https connections to EV servers.
could you please let me know what to include in SAN certificate and also, an internal SAN certificate will be sufficient.
Regards,
Solved! Go to Solution.
09-04-2013 06:29 AM
Hi Shaikh,
You should add EV server's hostname, alias for internal usage, Just run following query to know the same.
Use EnterprisevaultDirectory
Select Computername, ComputerNameAlternate from ComputerEntry
You need to also add internet published name of EV server. If you using it testing purpose then internal certificate authority would be good to generate certificate but production it's always recommended to use external certificate authority such as Verisign, godaddy, ...etc.
Long back I created a document for my reference on how we can generate certificate for internal usage (as it mandate for exchange 2013 OWA webapp), now sharing for this community benifits. Most of the steps would be similar for EV side.
In your environment if you are using shortcut with 'view original link' then you need to recreate shortcut body after configuration of EV with SSL.
Reference http://www.symantec.com/docs/TECH47364
09-04-2013 01:32 AM
Hi Mehtab,
You may want to take a look at http://www.symantec.com/docs/TECH128657
09-04-2013 06:14 AM
The thing you are really going to have to watch out for is you're going to need multiple responders in the SSL certificate
So you have like
evserver.internal.com as the alias
win2k8msgevapp01.internal.com as the netbios
mail.myCompany.com as the outside URL being published
if you just have evserver.internal.com then any connections made outside will give an SSL warning
or if you get connections made to the actual machine name like win2k8msgevapp01 you will get a warning etc, so your SSL certifiacte will have to cater for the outside name, DNS alias, the netbios and FQDN of the actual machine name etc
If you self sign the certificate you are going to have to distribute the certificate appropriately or you will get the not trusted warnings, which can all intefere with things like OWA access and Vault Cache syncs etc
And if you have an existing EV installation that uses http, you are going to have to use RestoreShortcutBody registry key to rebuild any links to attachments, the message etc to use http instead of https
But honestly, if you have a team that deals with ISA and certificates already, they should be able to knock this stuff out for you pretty quickly
09-04-2013 06:29 AM
Hi Shaikh,
You should add EV server's hostname, alias for internal usage, Just run following query to know the same.
Use EnterprisevaultDirectory
Select Computername, ComputerNameAlternate from ComputerEntry
You need to also add internet published name of EV server. If you using it testing purpose then internal certificate authority would be good to generate certificate but production it's always recommended to use external certificate authority such as Verisign, godaddy, ...etc.
Long back I created a document for my reference on how we can generate certificate for internal usage (as it mandate for exchange 2013 OWA webapp), now sharing for this community benifits. Most of the steps would be similar for EV side.
In your environment if you are using shortcut with 'view original link' then you need to recreate shortcut body after configuration of EV with SSL.
Reference http://www.symantec.com/docs/TECH47364
09-13-2013 01:19 PM
Hi Shaikh,
Do you need any more assistance on EV-SSL?
Regards
EV-C
09-16-2013 12:08 AM
Dear EV,
Thanks for the support. It's all clear .
Regards,