Solved

Certificate for Exchange 2007 Mail/Hub Server

Posted on 2009-04-07
6
672 Views
Last Modified: 2013-11-29
I have two exchange servers, one is a Mail/Hub server and the other is a CAS server.  The CAS server has a working UCC Certificate on it, we are having no problems.  I recently setup secure imap for our field offices to use and had to get secure smtp working for their outgoing mail.  We are currently in a mixed environement during migration and have 2 2003 servers up also.  I set a NAT rule in the firewall for any traffic coming in on port 587 (send connector already in place for smtp) to be pushed to the 2007 Mail/Hub server.  I can set it all up in thunderbird (or any other app) and point both incoming and outgoing to go to my CAS.  It all works well, except every time i send a message I get prompted with an error:

"You have attempted to establish a connection with "CAS Server".  However, the security certificate presented belongs to "Mail/Hub Server".  It is possible, though unlikely, that someone may be trying to intercept your communication with this website."

Then I can either cancel, hit ok, or view cert.  If I hit ok, it goes through, but prompts me for every send.  The only public facing cert is on the CAS, yet the error indicates the cert is on the mail/hub.  Is this a thunderbird issue, or is there some certificate work I can do to solve this?  Do I need a certificate for my mail/hub.  Do I need to add the Mail/Hub server as a SAN in the UCC?
0
Comment
Question by:Lucas Bruch
  • 3
  • 3
6 Comments
 
LVL 31

Assisted Solution

by:Paranormastic
Paranormastic earned 100 total points
ID: 24090952
Your UC cert should have at minimum:
servername (netbios name)
mail.domain.com
autodiscover.domain.com
autodiscover.domain.local

Is this the case?  If not, contact your cert vendor and see if you can get the UC cert reissued with the correct names - usually you can do this for free within 14 or 30 days, depending on the vendor.
0
 
LVL 1

Author Comment

by:Lucas Bruch
ID: 24091027
My UCC cert has:
servername
mail.domain.com
autodiscover.domain.com

I do not have the .local.  But I do not believe that this has anything to do with autodiscover portion.
0
 
LVL 31

Expert Comment

by:Paranormastic
ID: 24091844
yes, typo - last should be server.domain.local, but if that doesn't apply it doesn't really matter anyways I guess...

Take a look at this - see if it helps... skip ahead to the instructions and ignore the opening paragraph.
0
Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

 
LVL 31

Expert Comment

by:Paranormastic
ID: 24091845
0
 
LVL 1

Author Comment

by:Lucas Bruch
ID: 24435021
Well, I got a new UCC Cert with my mail server name on there and it appears to be working.
0
 
LVL 1

Accepted Solution

by:
Lucas Bruch earned 0 total points
ID: 24435043
I should note that the server i had to add was for my mail hub server, not my CAS.  If you are going to do secure smtp, be sure to have that in the ucc cert.
0

Featured Post

Are end users causing IT problems again?

You’ve taken the time to design and update all your end user’s email signatures, only to find out they’re messing up the HTML, changing the font and ruining the imagery. What can you do to prevent this? Find out how you can save your signatures from end users today.

Join & Write a Comment

Disabling the Directory Sync Service Account in Office 365 will stop directory synchronization from working.
Following basic email etiquette rules will help you write a professional email and achieve a good, lasting impression with your contacts.
In this video we show how to create a User Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Mailb…
In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now