We help IT Professionals succeed at work.

We've partnered with Certified Experts, Carl Webster and Richard Faulkner, to bring you a podcast all about Citrix Workspace, moving to the cloud, and analytics & intelligence. Episode 2 coming soon!Listen Now


IIS, Exchange 2007 and the UCC (SAN) Cert

IncubusJax asked
Medium Priority
Last Modified: 2012-05-06
Hey guys,

Having a problem here and I'm not quite sure how to go about it, or if I can at all.

So here's what's going on. I have exchange 2007 running on server 2008. Everything is running fine. This is the only server with exchange, and the only OWA server also.

Here's what I've done.

I've installed a UCC certificate with the folowing CN: webmail.domain.com

It has the following SA names: servername.domain.local; autodiscover.domain.com

I have an HTTP redirect in IIS7 running on the default webpage to point servername.domain.local at servername.domain.local/owa

The cert works fine for MAPI, POP, IMAP and IIS.

However, here's the problem:

IIS works fine from the outside when I type https://webmail.domain.com - no certificate warnings.

But from the inside when I type "servername.domain.local" I'm still getting a certificate warning. I'm assuming that this is because I'm redirecting to /owa, but when I try and rekey my UCC cert, it will not allow me to have an SA name with /owa on it.

Any ideas on what I can do to resolve this issue?

Many thanks,
Watch Question

Expert of the Quarter 2009
Expert of the Year 2009
Certificates do not have / anything in them. They protect a host name only, not directories.
Therefore the fact that you are redirecting to /owa should not cause any problems.

How did you do the redirect? If you enter the full URL in manually, not through a redirect, does it work correctly then?


Not the solution you were looking for? Getting a personalized solution is easy.

Ask the Experts



If I type "https://servername.domain.local" then it works great.

But if I type "http://servername.domain.local" then it get the certificate error.

Here's how I have redirection set up :

Under "Default Website" in IIS7 I have enabled "redirect requests to this destination: "/owa" under the HTTP Redirect icon.

I also have a 403 redirect enabled to "https://servername/owa", which now that I think about it, may be the problem. I'm going to change that and test.

Heh, that was the problem. Dang. See I just needed you to help my logic it through. ;)

Thank You!

Access more of Experts Exchange with a free account
Thanks for using Experts Exchange.

Create a free account to continue.

Limited access with a free account allows you to:

  • View three pieces of content (articles, solutions, posts, and videos)
  • Ask the experts questions (counted toward content limit)
  • Customize your dashboard and profile

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.


Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.