• Status: Solved

Certificate for Exchange 2007 Mail/Hub Server

I have two Exchange servers, one is a Mail/Hub server and the other is a CAS server. The CAS server has a working UCC Certificate on it, we are having no problems. I recently set up secure IMAP for our field offices to use and had to get secure SMTP working for their outgoing mail. We are currently in a mixed environment during migration and have 2 2003 servers up also. I set a NAT rule in the firewall for any traffic coming in on port 587 (send connector already in place for SMTP) to be pushed to the 2007 Mail/Hub server. I can set it all up in Thunderbird (or any other app) and point both incoming and outgoing to go to my CAS. It all works well, except every time I send a message I get prompted with an error:

"You have attempted to establish a connection with "CAS Server".  However, the security certificate presented belongs to "Mail/Hub Server".  It is possible, though unlikely, that someone may be trying to intercept your communication with this website."

Then I can either cancel, hit OK, or view cert. If I hit OK, it goes through, but prompts me for every send. The only public facing cert is on the CAS, yet the error indicates the cert is on the Mail/Hub. Is this a Thunderbird issue, or is there some certificate work I can do to solve this? Do I need a certificate for my Mail/Hub? Do I need to add the Mail/Hub server as a SAN in the UCC?

Asked by: Lucas Bruch
 
Paranormastic (Cryptographic Engineer) Commented:
Your UC cert should have at minimum:
servername (netbios name)
mail.domain.com
autodiscover.domain.com
autodiscover.domain.local

Is this the case?  If not, contact your cert vendor and see if you can get the UC cert reissued with the correct names - usually you can do this for free within 14 or 30 days, depending on the vendor.
 
Lucas Bruch (Author) Commented:
My UCC cert has:
servername
mail.domain.com
autodiscover.domain.com

I do not have the .local. But I do not believe that this has anything to do with the autodiscover portion.
 
Paranormastic (Cryptographic Engineer) Commented:
Yes, typo - last should be server.domain.local, but if that doesn't apply it doesn't really matter anyways I guess...

Take a look at this - see if it helps... skip ahead to the instructions and ignore the opening paragraph.
 
Lucas Bruch (Author) Commented:
Well, I got a new UCC Cert with my mail server name on there and it appears to be working.
 
Lucas Bruch (Author) Commented:
I should note that the server I had to add was for my mail hub server, not my CAS. If you are going to do secure SMTP, be sure to have that in the UCC cert.
Question has a verified solution.
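
The name check behind the Thunderbird prompt, as an added example that is not part of the original thread: the client compares the name it dialed against the SAN list of whichever server actually answers, and the NAT rule for port 587 makes that the Mail/Hub server. All host names and SAN lists are constructed placeholders, and the "after" case assumes the reissued UCC certificate is the one the Mail/Hub server presents for SMTP.

```python
# Added example: models the client-side certificate name check.
# Host names and SAN lists are constructed placeholders, not values from the thread.

def san_matches(hostname, san):
    """Case-insensitive match; '*' is honoured only as the whole left-most label."""
    host = hostname.lower().rstrip(".").split(".")
    pat = san.lower().rstrip(".").split(".")
    if len(host) != len(pat):
        return False
    if pat[0] == "*" and len(pat) > 2:
        return host[1:] == pat[1:]
    return host == pat

def check_endpoints(endpoints, certs):
    """endpoints: (service, name the client dials, server that answers).
    certs: server -> SAN list of the certificate that server presents.
    Returns {service: True/False} where False means the client would warn."""
    result = {}
    for service, dialed, server in endpoints:
        sans = certs.get(server, [])
        result[service] = any(san_matches(dialed, s) for s in sans)
    return result

# The client is configured with one public name for both directions,
# but the firewall forwards port 587 to the Mail/Hub server.
ENDPOINTS = [
    ("secure IMAP", "mail.example.com", "cas"),
    ("SMTP 587", "mail.example.com", "hub"),
]

UCC_OLD = ["cas01", "mail.example.com", "autodiscover.example.com"]
UCC_NEW = UCC_OLD + ["hub01"]  # reissued with the Mail/Hub server name added

# Before: the hub answers on 587 with a certificate that names only itself.
CERTS_BEFORE = {"cas": UCC_OLD, "hub": ["hub01"]}
# After (assumption): the reissued UCC is presented by both servers.
CERTS_AFTER = {"cas": UCC_NEW, "hub": UCC_NEW}

if __name__ == "__main__":
    for label, certs in (("before", CERTS_BEFORE), ("after", CERTS_AFTER)):
        for service, ok in check_endpoints(ENDPOINTS, certs).items():
            print(f"{label:6} {service:12} {'ok' if ok else 'NAME MISMATCH'}")
```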
