Woggy64
asked on
Exchange certificates mismatched address
Ok so i created my own certificate in exchange 2010 for owa but when i install it on the local pcs i get a mismatched address certificate error please help, what do i do? or what am i doing wrong??
kind regards,
kind regards,
Check the attachment and see whether you have these names listed in "Subject Alternative Name"
Please check this as well
http://www.ehow.com/how_5054848_remove-certificate-flags-internet-explorer.html
certscreenshot.png
Please check this as well
http://www.ehow.com/how_5054848_remove-certificate-flags-internet-explorer.html
certscreenshot.png
ASKER
This is what I have, should it be different? if so how would I alter these settings?
4.png
4.png
you should reissue the cert with SANs included(i.e. include the above mentioned names)
ASKER
I don't understand? which ones do I add? I already have the ones listed above in my SANS list
You should access your server by this name
https://mail.domainname.local/owa not https://mail/owa
By default it will open https://mail.domainname.local/owa if you create a redirect in IIS
Check this for redirect
http://social.technet.microsoft.com/wiki/contents/articles/simplify-the-outlook-web-app-url-in-exchange-server-2010.aspx
https://mail.domainname.local/owa not https://mail/owa
By default it will open https://mail.domainname.local/owa if you create a redirect in IIS
Check this for redirect
http://social.technet.microsoft.com/wiki/contents/articles/simplify-the-outlook-web-app-url-in-exchange-server-2010.aspx
ASKER
what about for the external owa how would i set that up?
Create a new Forward Lookup Zone in DNS server same as your external domain name.
and create an A record in the newly created zone "mail" pointing to you internal IP.
This way internal and external OWA access URL will become the same.
or
if you want to access your owa by https://mail/owa
you have to add mail as SAN in your certificate
(in this case internal and external access URL will be different)
and create an A record in the newly created zone "mail" pointing to you internal IP.
This way internal and external OWA access URL will become the same.
or
if you want to access your owa by https://mail/owa
you have to add mail as SAN in your certificate
(in this case internal and external access URL will be different)
ASKER
We have a Sonicwall NSA4500 - do we need to add or change anything in that to make the OWA available from the outside?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
1. mail.domain.com (common name)
2. autodiscover.domain.com
3. Internal FQDN (not a good practice as in future you cannot add internal FQDN)
Can you post a screenshot of the error