  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 3200

Exchange 2007 Certificate Principal Mismatch (Best Practices Analyzer)

We are setting up a new Exchange 2007 server and are running into a warning during the Best Practices Analyzer. The certificate we have created is a Comodo Multi-domain certificate that contains 4 names.

mail.mydomain.com (because Outlook 2007 requires it to work properly from what we have understood.)
autodiscover.mydomain.com (what people will be connecting to from the outside)
MX01 (name of the mail server in the domain)
MX01.mydomain.com (name of the mail server in the domain FQDN)


The error we get in the Best Practices Analyzer is this:
----------------------------------------------------
Certificate Principal Mismatch
The principal for SSL certificate 'https://mydomain.com' does not appear to match the host address. Host address: mydomain.com. Principal: C=SE, PostalCode=11641, S=STOCKHOLM, L=STO, STREET=Mystreet, O=MyCompanyname, OU=Management, OU=COMODO Multi-Domain SSL, CN=MX01.mydomain.com.
-------------------------------------------------


The command we issued to create the certificate request was:
-------------------------------------------------
New-ExchangeCertificate -generaterequest -subjectname "dc=com,dc=mydomain,o=Domain Controllers,cn=mydomain.com" -domainname mail.mydomain.com, MX01, MX01.mydomain.com,autodiscover.mydomain.com -PrivateKeyExportable $true -path c:\certrequest_mx01.txt
-------------------------------------------------


The certificate we get back from Comodo installed fine and from what I've seen so far both OWA and our older Outlook 2003 clients connect without any certificate warnings. Despite this we can't get rid of the warning in the analyze tool. Any ideas why this is? We have recalled the certificate and tried setting different domains as the primary name but this didn't help (we tried both mail.mydomain.com and MX01.mydomain.com as the primary). This might be nothing but I would really like to make sure before we go live with the system.

Thanks!
Asked by: Debugger_systems

Debugger_systems (Author) Commented:
> mail.mydomain.com (because Outlook 2007 requires it to work properly from what we have understood.)
> autodiscover.mydomain.com (what people will be connecting to from the outside)

Sorry, switched the explanations on those two. People will connect to "mail" and "autodiscover" is for Outlook 2006.
 
Sembee Commented:
BPA has been mentioning that error since version 1.0. I ignore it. No one has a certificate for domain.com - I don't know why Microsoft test for it.

Simon.
Question has a verified solution.
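
Why the analyzer warning and the warning-free client connections can both be true, as an added example that is not code from this thread or from Microsoft: it checks the bare domain the analyzer probes and the names clients use against the four names the question lists on the certificate. The two helper functions are hypothetical, the name list is constructed from the question, and the wildcard rule goes beyond this certificate (which has no wildcard entry) to cover the general case.

```powershell
# Constructed sample data: the four names the question lists on the certificate.
$certificateDomains = 'mail.mydomain.com', 'autodiscover.mydomain.com',
                      'MX01', 'MX01.mydomain.com'

# Hypothetical helper (not an Exchange cmdlet): does one certificate name cover the host?
function Test-NameMatch {
    param([string]$HostName, [string]$CertName)

    # DNS names compare case-insensitively; ignore a trailing root dot.
    $h = $HostName.Trim().TrimEnd('.').ToLowerInvariant()
    $c = $CertName.Trim().TrimEnd('.').ToLowerInvariant()
    if ($h -eq $c) { return $true }

    # A wildcard entry covers exactly one left-most label: *.mydomain.com
    # covers mail.mydomain.com, but not mydomain.com or a.b.mydomain.com.
    if ($c.StartsWith('*.')) {
        $suffix = $c.Substring(1)    # e.g. ".mydomain.com"
        if ($h.EndsWith($suffix)) {
            $label = $h.Substring(0, $h.Length - $suffix.Length)
            return (($label.Length -gt 0) -and (-not $label.Contains('.')))
        }
    }
    return $false
}

# Hypothetical helper: certificate names that cover the host (none = principal mismatch).
function Get-MatchingCertName {
    param([string]$HostName, [string[]]$CertNames)
    $CertNames | Where-Object { Test-NameMatch -HostName $HostName -CertName $_ }
}

# The bare domain from the analyzer message first, then the names clients connect to.
$targets = 'mydomain.com', 'mail.mydomain.com', 'autodiscover.mydomain.com', 'mx01'
foreach ($target in $targets) {
    $hits = @(Get-MatchingCertName -HostName $target -CertNames $certificateDomains)
    if ($hits.Count -gt 0) {
        '{0,-28} match ({1})' -f $target, ($hits -join ', ')
    } else {
        '{0,-28} MISMATCH: no certificate name covers this host' -f $target
    }
}
```

On a live server the name list can be read from the `CertificateDomains` property returned by `Get-ExchangeCertificate` instead of the constructed array.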
