Solved

Certificate for Exchange 2007 Mail/Hub Server

Posted on 2009-04-07
Last Modified: 2013-11-29
I have two Exchange servers: one is a Mail/Hub server and the other is a CAS server.  The CAS server has a working UCC certificate on it, and we are having no problems.  I recently set up secure IMAP for our field offices to use and had to get secure SMTP working for their outgoing mail.  We are currently in a mixed environment during migration and also have two 2003 servers up.  I set a NAT rule in the firewall for any traffic coming in on port 587 (send connector already in place for SMTP) to be pushed to the 2007 Mail/Hub server.  I can set it all up in Thunderbird (or any other app) and point both incoming and outgoing to go to my CAS.  It all works well, except every time I send a message I get prompted with an error:

"You have attempted to establish a connection with "CAS Server".  However, the security certificate presented belongs to "Mail/Hub Server".  It is possible, though unlikely, that someone may be trying to intercept your communication with this website."

Then I can either cancel, hit OK, or view the cert.  If I hit OK, it goes through, but it prompts me for every send.  The only public-facing cert is on the CAS, yet the error indicates the cert is on the Mail/Hub.  Is this a Thunderbird issue, or is there some certificate work I can do to solve this?  Do I need a certificate for my Mail/Hub?  Do I need to add the Mail/Hub server as a SAN in the UCC?
0
Question by:Lucas Bruch
6 Comments
 
LVL 31

Assisted Solution

by:Paranormastic
Paranormastic earned 100 total points
ID: 24090952
Your UC cert should have at minimum:
servername (netbios name)
mail.domain.com
autodiscover.domain.com
autodiscover.domain.local

Is this the case?  If not, contact your cert vendor and see if you can get the UC cert reissued with the correct names - usually you can do this for free within 14 or 30 days, depending on the vendor.
0
 
LVL 1

Author Comment

by:Lucas Bruch
ID: 24091027
My UCC cert has:
servername
mail.domain.com
autodiscover.domain.com

I do not have the .local.  But I do not believe that this has anything to do with the autodiscover portion.
0
 
LVL 31

Expert Comment

by:Paranormastic
ID: 24091844
Yes, typo - the last should be server.domain.local, but if that doesn't apply it doesn't really matter anyway, I guess...

Take a look at this - see if it helps... skip ahead to the instructions and ignore the opening paragraph.
0

 
LVL 31

Expert Comment

by:Paranormastic
ID: 24091845
0
 
LVL 1

Author Comment

by:Lucas Bruch
ID: 24435021
Well, I got a new UCC Cert with my mail server name on there and it appears to be working.
0
 
LVL 1

Accepted Solution

by:
Lucas Bruch earned 0 total points
ID: 24435043
I should note that the server I had to add was for my mail hub server, not my CAS.  If you are going to do secure SMTP, be sure to have that in the UCC cert.
0
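
An added example, not part of the original thread or any participant's post: a Python check of whether the certificate presented after STARTTLS on the SMTP submission port covers the name the mail client is configured with, which is the mismatch the accepted solution resolved. The host names `cas01` and `hub01` and both sample certificates are constructed placeholders.

```python
import smtplib
import ssl


def san_dns_names(cert):
    """DNS entries from the subjectAltName of an ssl.getpeercert() dict."""
    return [value.lower() for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]


def name_matches(hostname, pattern):
    """Exact match, or a wildcard that stands for the whole left-most label only."""
    host_labels = hostname.lower().rstrip(".").split(".")
    pat_labels = pattern.lower().rstrip(".").split(".")
    if len(host_labels) != len(pat_labels):
        return False
    if pat_labels[0] == "*":
        return len(pat_labels) > 2 and host_labels[1:] == pat_labels[1:]
    return host_labels == pat_labels


def check_client_name(client_name, cert):
    """Return (ok, sans): does the presented certificate cover the name the client dialled?"""
    sans = san_dns_names(cert)
    return any(name_matches(client_name, p) for p in sans), sans


def fetch_submission_cert(host, port=587, timeout=10):
    """Certificate presented after STARTTLS on the submission port."""
    ctx = ssl.create_default_context()  # chain is still validated against the trust store
    ctx.check_hostname = False  # report a name mismatch instead of aborting on it
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        smtp.ehlo()
        smtp.starttls(context=ctx)
        return smtp.sock.getpeercert()


# Constructed sample data in getpeercert() form; all host names are placeholders.
HUB_ONLY_CERT = {"subjectAltName": (("DNS", "hub01"), ("DNS", "hub01.domain.local"))}
REISSUED_UCC = {"subjectAltName": (("DNS", "mail.domain.com"), ("DNS", "autodiscover.domain.com"),
                                   ("DNS", "cas01.domain.com"), ("DNS", "hub01.domain.com"))}

if __name__ == "__main__":
    for label, cert in (("hub-only cert", HUB_ONLY_CERT), ("reissued UCC", REISSUED_UCC)):
        for name in ("cas01.domain.com", "hub01.domain.com"):
            ok, sans = check_client_name(name, cert)
            print(f"{label}: client uses {name}: {'OK' if ok else 'MISMATCH'} (SANs: {sans})")
```

Against a live server, pass the name the client uses to `fetch_submission_cert` and feed the result to `check_client_name`; a self-signed certificate fails chain validation in `starttls` before the name comparison is reached.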
