Not sure why NAT would have anything to do with certificates, or why the
domain name has to be different on the certificate because of NAT? Are you
trying to say your Windows 2000 domain name is something.local and your
public domain name is something.com?
By name, I mean fqdn (which includes the domain).
To make things easy, try telling us the name of the url a user is typing,
and the common name as listed on the certificate.
If the problem is the url as entered by the user is mail.company.com and the
cert cn is something else, you just need to create a certificate with that
common name and install it on the IIS server used by Outlook Web Access. If
you have Certificate Services installed as an Enterprise Root CA somewhere
in your domain, you can click the button to send the request immediately to
an online certification authority. Otherwise, you may need to save it as a
cert request and load it on a cert server or get a public cert from a
trusted cert authority.
If none of this makes sense, I suggest paying a few bucks for a cert from a
public CA. Even with an internally generated cert, external machines will
receive a message that the cert is untrusted. Mark Fugatt turned us on to this
outfit a while back: http://www.instantssl.com/
But you still need to ensure the cn on the cert matches the url the users
type in their web browser.
> NAT has an inert problem with reverse routing... NAT sees the source and
> destination address as the same.
> The name is not different... Just the domain, and the certificate is
> to the distinguished name cn.ou.o
> Users don't use it from internal, only external... I am the only one who
> uses it from internal for testing only.
> > Why would the name be different? Sounds like a pita to me. If the url
> > mail.company.com, I would configure it to work the same internally and
> > externally - and it's less confusing for users.
> > --
> > > Newbie to certificates...
> > > I have successfully set up OWA with SSL on Exchange 2000. From the
> > > my users are able to gain access to OWA. Internally, I am using a
> > > different domain name because I am behind a NATted firewall.
> > > I get the following on the 'Security Alert' window when accessing the
> > > from inside the firewall:
> > > "The name on the security certificate is invalid or does not match the
> > > name of the site."
> > > My question(s) is/are:
> > > 1. Can I set up IIS to use more than one certificate? If so, how?
> > > 2. Is there a better approach to my configuration?
> > > Thanks,
> > > Jody
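
The name check behind the 'Security Alert' in this thread, as an added example that is not part of the original posts. The host names (mail.company.com from the thread, plus a constructed mail.company.local for the internal side) and the function names are assumptions for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample data: the URLs a user might type, and the cert's CN.
EXTERNAL_URL = "https://mail.company.com/exchange"
INTERNAL_URL = "https://mail.company.local/exchange"   # hypothetical internal name
CERT_CN = "mail.company.com"


def _name_match(pattern: str, host: str) -> bool:
    """Match one certificate name against a host name, label by label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    # A wildcard is honoured only as the entire left-most label, and only
    # with at least two fixed labels after it (so "*.com" never matches).
    if p[0] == "*":
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def cert_matches(host: str, common_name: str, san_dns=()) -> bool:
    """True if the certificate name is valid for the host in the URL.

    If the certificate carries subjectAltName DNS entries they are
    authoritative and the CN is ignored; otherwise the CN is used.
    """
    names = list(san_dns) if san_dns else [common_name]
    return any(_name_match(n, host) for n in names)


def audit(urls, common_name, san_dns=()):
    """Return {host: matches} for every URL a user might type."""
    hosts = [urlsplit(u).hostname for u in urls]
    return {h: cert_matches(h, common_name, san_dns) for h in hosts}


if __name__ == "__main__":
    # One cert with CN mail.company.com: fine externally, alert internally.
    print(audit([EXTERNAL_URL, INTERNAL_URL], CERT_CN))
    # A cert listing both names as SAN DNS entries satisfies both URLs.
    both = ("mail.company.com", "mail.company.local")
    print(audit([EXTERNAL_URL, INTERNAL_URL], CERT_CN, san_dns=both))
```

Run against the two URLs, the single-CN certificate passes only for the name it was issued to, which is the mismatch the browser reports from inside the firewall.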