So now I have two sites available externally through our firewall, one for OWA and one for WORLDOX. Both require SSL to connect.
The problem was that it took about 20-30 seconds for the certificate warning to appear, telling users that the certificate was unknown or didn't match the address entered.
The fact that the warning appears is fine because this is an in-house generated certificate and that warning will appear until you put the server's certificate in the Trusted Known Root Certificates in IE.
Anyhow, I found out that the initial response is much quicker if you turn off Certificate Revocation List (CRL) checking.
How do you do this? Here's the easy GUI way (it can also be done through scripting; I prefer GUI admin methods, but that's just me):
Be sure you have a good current backup of your server before messing with the IIS metabase. Like working with the registry, you can seriously screw things up if you aren't careful.
Make sure you turn on Enable Direct Metabase Edit before you do this: right-click the server name in IIS Admin, select Properties, and then click the checkbox labeled Enable Direct Metabase Edit.
Download the IIS Resource Kit.
Install the Metabase Explorer tool.
Open it up and go to \LM\W3SVC.
Create a new DWORD record named CertCheckMode (if it doesn't already exist). Set the data field to something other than 0; a nonzero value is what turns CRL checking off.
Alternatively, you can add the DWORD record to one of the server instances rather than the global service by going to \LM\W3SVC\#, where # is the number of the server instance you want to configure.
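An audit check for the setting described above, added here as an example and not part of the original post: it reads metabase XML and reports, per server instance, whether CRL checking is still on, so a change made for one site can be told apart from one made at \LM\W3SVC. The sample XML is constructed, and the attribute layout and the inheritance of the global value by instances without their own record are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the style of an IIS 6 MetaBase.xml; not from the post.
# Assumption: CertCheckMode is stored as an attribute on the key's element.
SAMPLE = """<configuration>
  <MBProperty>
    <IIsWebService Location="/LM/W3SVC" CertCheckMode="1" />
    <IIsWebServer Location="/LM/W3SVC/1" ServerComment="OWA" />
    <IIsWebServer Location="/LM/W3SVC/2" ServerComment="WORLDOX" CertCheckMode="0" />
    <IIsWebServer Location="/LM/W3SVC/3" ServerComment="Test" CertCheckMode="2" />
  </MBProperty>
</configuration>"""

GLOBAL_KEY = "/LM/W3SVC"


def audit_crl_checking(xml_text):
    """Return {site_key: (crl_checking_on, source)}; source is site/global/default."""
    modes = {}
    for el in ET.fromstring(xml_text).iter():
        name = el.tag.rsplit("}", 1)[-1]  # drop an XML namespace if present
        if name in ("IIsWebService", "IIsWebServer"):
            raw = el.get("CertCheckMode")
            modes[el.get("Location", "").upper()] = None if raw is None else int(raw)

    global_mode = modes.get(GLOBAL_KEY)
    report = {}
    for key in sorted(modes):
        if key == GLOBAL_KEY:
            continue
        if modes[key] is not None:        # set on the server instance itself
            mode, source = modes[key], "site"
        elif global_mode is not None:     # assumed inherited from \LM\W3SVC
            mode, source = global_mode, "global"
        else:                             # record absent everywhere
            mode, source = 0, "default"
        report[key] = (mode == 0, source)  # per the post, nonzero means checking is off
    return report


if __name__ == "__main__":
    for key, (enabled, source) in audit_crl_checking(SAMPLE).items():
        state = "on" if enabled else "OFF"
        print(f"{key}: CRL checking {state} (value from {source})")
```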
I guess this is for Exchange 2003, as the "Enable Direct Metabase Edit" doesn't exist on Exchange 2000.
Posted by: Andy | Monday, October 18, 2004 at 08:29 AM
Yes, sorry, that specific setting is in the IIS manager for Windows Server 2003.
Probably have to make a registry change in Windows Server 2000.
Posted by: Alex Scoble | Monday, October 18, 2004 at 05:20 PM
I am running Exchange 2003 on a 2003 server. I tried the steps above and the cert is still taking about 30 to 40 seconds to come up on OWA. Actually, the cert is slow on IE. If I use Firefox, it comes up in a second or two. Any other suggestions?
Thanks
Posted by: DMN | Sunday, January 16, 2005 at 09:35 AM