Solved: SSL on EV

shaikh_mehtab · ‎09-04-2013

Dear's,

I need to configure SSL in EV, externally as well as internally so as to allow only https connections to EV servers.

could you please let me know what to include in SAN certificate and also, an internal SAN certificate will be sufficient.

Regards,

Pradeep-Papnai · ‎09-04-2013

Hi Shaikh,

You should add EV server's hostname, alias for internal usage, Just run following query to know the same.

Use EnterprisevaultDirectory
Select Computername, ComputerNameAlternate from ComputerEntry

You need to also add internet published name of EV server. If you using it testing purpose then internal certificate authority would be good to generate certificate but production it's always recommended to use external certificate authority such as Verisign, godaddy, ...etc.

Long back I created a document for my reference on how we can generate certificate for internal usage (as it mandate for exchange 2013 OWA webapp), now sharing for this community benifits. Most of the steps would be similar for EV side.

In your environment if you are using shortcut with 'view original link' then you need to recreate shortcut body after configuration of EV with SSL.

Reference http://www.symantec.com/docs/TECH47364

View solution in original post

RRE · ‎09-04-2013

Hi Mehtab,

You may want to take a look at http://www.symantec.com/docs/TECH128657

JesusWept3 · ‎09-04-2013

The thing you are really going to have to watch out for is you're going to need multiple responders in the SSL certificate

So you have like

evserver.internal.com as the alias
win2k8msgevapp01.internal.com as the netbios
mail.myCompany.com as the outside URL being published

if you just have evserver.internal.com then any connections made outside will give an SSL warning
or if you get connections made to the actual machine name like win2k8msgevapp01 you will get a warning etc, so your SSL certifiacte will have to cater for the outside name, DNS alias, the netbios and FQDN of the actual machine name etc

If you self sign the certificate you are going to have to distribute the certificate appropriately or you will get the not trusted warnings, which can all intefere with things like OWA access and Vault Cache syncs etc

And if you have an existing EV installation that uses http, you are going to have to use RestoreShortcutBody registry key to rebuild any links to attachments, the message etc to use http instead of https

But honestly, if you have a team that deals with ISA and certificates already, they should be able to knock this stuff out for you pretty quickly

https://www.linkedin.com/in/alex-allen-turl-07370146

Pradeep-Papnai · ‎09-04-2013

Hi Shaikh,

You should add EV server's hostname, alias for internal usage, Just run following query to know the same.

Use EnterprisevaultDirectory
Select Computername, ComputerNameAlternate from ComputerEntry

You need to also add internet published name of EV server. If you using it testing purpose then internal certificate authority would be good to generate certificate but production it's always recommended to use external certificate authority such as Verisign, godaddy, ...etc.

Long back I created a document for my reference on how we can generate certificate for internal usage (as it mandate for exchange 2013 OWA webapp), now sharing for this community benifits. Most of the steps would be similar for EV side.

In your environment if you are using shortcut with 'view original link' then you need to recreate shortcut body after configuration of EV with SSL.

Reference http://www.symantec.com/docs/TECH47364

Pradeep-Papnai · ‎09-13-2013

Hi Shaikh,

Do you need any more assistance on EV-SSL?

Regards

EV-C

shaikh_mehtab · ‎09-16-2013

Dear EV,

Thanks for the support. It's all clear .

Regards,

VOX

SSL on EV