Thursday, December 2, 2010

Exchange, Outlook 2007, Outlook Anywhere and Self Signed Certificates

To all those people that say you can’t use a self-signed cert and be able to connect to Exchange using Outlook Anywhere, I say pfffff***.

I just did it. See near the bottom for instructions – basically you need to import the self-signed cert into your Trusted Root Certification Authorities.

In case you don’t know: Outlook Anywhere allows you to connect your Outlook client to Exchange over the internet without having to VPN in or anything. It is still secure because it tunnels everything over the same HTTPS connection that you would use if you were using OWA (Outlook Web Access). This means you can get an internet connection anywhere, start up Outlook, and be connected with full functionality! It’s great!

If you don’t want to buy an SSL cert, you can use the self-signed one that your Exchange installed. The connection is encrypted just as well, and you know the cert is safe (even if your computer doesn’t) because you are the one that signed/created it!

Anyway, after you get Exchange set up with Outlook Anywhere (on 2010, you just have to click a check box!), you need to set up your Outlook client. There are lots of examples on the web on how to do this part, but here are the quick steps:

On the Exchange Settings screen, put in your INTERNAL EXCHANGE name (not the externally known one), and put in your user name.

  • Click More Settings.

  • In the Exchange Settings dialog box, select the Configure Outlook Anywhere check box and then select the Connect to Exchange Mailbox using HTTP check box.

  • In the text box that follows these check boxes, type the server name for the Outlook Anywhere proxy server. Do not enter http:// or https:// as part of the name. This is the external name and should be the same as the one you use for OWA, like this: mail.yourdomain.com

  • Select Mutually authenticate the session when the system connects with SSL and enter the principal name of the proxy server. It will look like this: msstd:mail.yourdomain.com

  • Select whether or not to reverse the default way in which Outlook decides which connection type to try first, LAN (TCP/IP) or Outlook Anywhere (HTTP). The default is LAN (TCP/IP) first, then Outlook Anywhere (HTTP). If you expect users to connect when they are outside the corporate network more frequently than when they are inside the corporate network, we recommend that you configure Outlook to try Outlook Anywhere (HTTP) first.

  • Select an authentication method from the drop-down list. If in doubt, use Basic Authentication.

  • Click OK to return to the Exchange Settings dialog box, and then click Finish.

  • Now here is the tricky part – none of it will work until you import your self-signed cert. To do this, start up IE and browse to your OWA, where you will get the cert error. Continue anyway.

    Then at the top of the browser window, you should see “Certificate Error”. Click this and then click “View Certificates”. Next, click Install Certificate. Now choose “Place all certificates in the following store” and click Browse. Choose Trusted Root Certification Authorities and click OK. Once you click Next and Finish, it should say Import Successful. Now if you close your browser, re-open it and go back to your OWA URL, you should no longer get the cert warning.

    AND…best of all… your Outlook will now connect to your Exchange without a VPN connection!

    Enjoy!

    Jim
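
The import step above trusts whatever certificate the browser was shown, so it is worth confirming that it is the one your Exchange server actually holds before placing it in Trusted Root Certification Authorities. The following is an added example, not part of the original post: it compares the presented certificate with a thumbprint read on the Exchange server itself; the function names and the sample bytes are assumptions made for illustration.

```python
import hashlib
import hmac
import re
import ssl

# Digest chosen by the length of the expected value: Windows' "Thumbprint"
# field is SHA-1 (40 hex digits); a 64-digit value is treated as SHA-256.
_DIGESTS = {40: hashlib.sha1, 64: hashlib.sha256}

def normalize_thumbprint(text):
    """Strip spaces, colons and invisible marks that come along when a
    thumbprint is copied out of a certificate dialog; return upper-case hex."""
    return re.sub(r"[^0-9A-Fa-f]", "", text).upper()

def matches_pin(der_bytes, expected_thumbprint):
    """Return (ok, reason): ok is True only when the certificate bytes hash
    to the thumbprint that was read on the Exchange server itself."""
    expected = normalize_thumbprint(expected_thumbprint)
    digest = _DIGESTS.get(len(expected))
    if digest is None:
        return False, "expected thumbprint must be 40 or 64 hex digits"
    actual = digest(der_bytes).hexdigest().upper()
    if not hmac.compare_digest(actual, expected):
        return False, "presented %s does not match expected %s" % (actual, expected)
    return True, "thumbprint matches"

def fetch_der(host, port=443):
    """Fetch the certificate the server presents without validating it
    (needs network access); the pin check above is what decides trust."""
    pem = ssl.get_server_certificate((host, port))
    return ssl.PEM_cert_to_DER_cert(pem)

# Constructed stand-in bytes, not a real certificate. Against a live server:
#   matches_pin(fetch_der("mail.yourdomain.com"), "<thumbprint from server>")
SAMPLE_DER = b"constructed stand-in for DER certificate bytes"
# The same thumbprint as it might be pasted: spaced pairs plus a leading U+200E.
SAMPLE_PASTED = "\u200e" + " ".join(
    re.findall("..", hashlib.sha1(SAMPLE_DER).hexdigest()))

if __name__ == "__main__":
    print(matches_pin(SAMPLE_DER, SAMPLE_PASTED))         # same certificate
    print(matches_pin(SAMPLE_DER + b"x", SAMPLE_PASTED))  # different certificate
```

Only install the certificate when the check reports a match; a mismatch means the certificate you were shown is not the one on your server.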
