
SSL on EV

Created: 04 Sep 2013 • Updated: 16 Sep 2013 | 5 comments
This issue has been solved. See solution.

Dears,

I need to configure SSL in EV, externally as well as internally, so as to allow only https connections to EV servers.

Could you please let me know what to include in the SAN certificate and also, an internal SAN certificate will be sufficient.

Regards,


RRE's picture

Hi Mehtab,

You may want to take a look at http://www.symantec.com/docs/TECH128657

 

________________________________________________________

If this answers your question, Please mark it as solution

JesusWept3's picture

The thing you are really going to have to watch out for is you're going to need multiple responders in the SSL certificate.

So you have like

evserver.internal.com as the alias
win2k8msgevapp01.internal.com as the netbios
mail.myCompany.com as the outside URL being published

If you just have evserver.internal.com, then any connections made from outside will give an SSL warning, or if you get connections made to the actual machine name like win2k8msgevapp01 you will get a warning etc., so your SSL certificate will have to cater for the outside name, DNS alias, the netbios and FQDN of the actual machine name etc.

If you self-sign the certificate you are going to have to distribute the certificate appropriately or you will get the not trusted warnings, which can all interfere with things like OWA access and Vault Cache syncs etc.

And if you have an existing EV installation that uses http, you are going to have to use RestoreShortcutBody registry key to rebuild any links to attachments, the message etc to use http instead of https 

But honestly, if you have a team that deals with ISA and certificates already, they should be able to knock this stuff out for you pretty quickly

Pradeep_Papnai's picture

Hi Shaikh,

You should add the EV server's hostname and alias for internal usage. Just run the following query to find them.

Use EnterprisevaultDirectory
Select Computername, ComputerNameAlternate from ComputerEntry

You also need to add the internet published name of the EV server. If you are using it for testing purposes then an internal certificate authority would be good to generate the certificate, but in production it's always recommended to use an external certificate authority such as Verisign, GoDaddy, etc.

Long back I created a document for my reference on how we can generate a certificate for internal usage (as it is mandatory for Exchange 2013 OWA webapp), now sharing it for this community's benefit. Most of the steps would be similar for the EV side.

In your environment, if you are using shortcuts with 'view original link' then you need to recreate the shortcut body after configuring EV with SSL.
 
Reference http://www.symantec.com/docs/TECH47364
 

Attachment: How to configure Enterprise vault Server to work with SSL.pdf (611.48 KB)
SOLUTION
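
The name-coverage point made in the two replies above, shown as an added example that is not part of the original thread: a small Python check of which client-facing names a certificate's SAN list leaves uncovered. The host names are the ones quoted in the thread; the three SAN lists and the function names are constructed for illustration, and the wildcard rule (one label only, leftmost position) follows common TLS client behaviour.

```python
# Added example: host names come from the thread; the SAN lists are constructed.

def san_matches(hostname: str, san: str) -> bool:
    """Case-insensitive match; '*' is honoured only as the whole leftmost label."""
    host = hostname.lower().rstrip(".").split(".")
    pattern = san.lower().rstrip(".").split(".")
    if len(host) != len(pattern):
        return False
    if pattern[0] == "*":
        # A wildcard covers exactly one label and never a bare single-label name.
        return len(pattern) > 2 and host[1:] == pattern[1:]
    return host == pattern


def uncovered_names(required, san_entries):
    """Return the names clients use that no SAN entry covers (each causes a warning)."""
    return [name for name in required
            if not any(san_matches(name, san) for san in san_entries)]


# Every name a client might use to reach the EV server.
REQUIRED = [
    "evserver.internal.com",          # DNS alias
    "win2k8msgevapp01",               # short machine name
    "win2k8msgevapp01.internal.com",  # machine FQDN
    "mail.myCompany.com",             # externally published name
]

# Constructed SAN lists for three candidate certificates.
ALIAS_ONLY = ["evserver.internal.com"]
WILDCARD = ["*.internal.com", "mail.mycompany.com"]
FULL = ["evserver.internal.com", "win2k8msgevapp01",
        "win2k8msgevapp01.internal.com", "mail.mycompany.com"]

if __name__ == "__main__":
    for label, sans in [("alias only", ALIAS_ONLY),
                        ("wildcard", WILDCARD),
                        ("full", FULL)]:
        missing = uncovered_names(REQUIRED, sans)
        status = "OK" if not missing else "missing: " + ", ".join(missing)
        print(f"{label:10} -> {status}")
```

The wildcard case is the one worth noting: `*.internal.com` covers the alias and the machine FQDN but not the short machine name, which still needs its own SAN entry.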
Pradeep_Papnai's picture

Hi Shaikh,

Do you need any more assistance on EV-SSL?

Regards

EV-C

shaikh mehtab's picture

Dear EV,

 

Thanks for the support. It's all clear.

 

Regards,