?
Solved

SSL Certificate Error

Posted on 2009-04-15
6
Medium Priority
?
488 Views
Last Modified: 2012-05-06
I have an Exchange 2007 Server. I purchased and installed an SSL certificate from GoDaddy.com. My internal users get a certificate error when they access their email via IE7 or they get a Security alert popup error message through Outlook 2007. Both indicate that the name on the security certificate is invalid or does not match the name of the site. I know that it doesn't match the name of the site, because the name is the external name.

I have performed the following commands (changed to suit the client's environment), which I found at
http://trycatch.be/blogs/pdtit/archive/2007/05/28/ssl-error-internally-in-outlook-2007-when-using-an-official-ssl-certificate.aspx

Set-WebServicesVirtualDirectory -Identity "EWS*" -ExternalUrl "Https://webmail.pdtit.be/EWS/Exchange.asmx" -InternalUrl "Https:// webmail.pdtit.be/EWS/Exchange.asmx"        

Set-ClientAccessServer -Identity CASserver1 -AutoDiscoverServiceInternalUri https://webmail.pdtit.be

Still no dice. Any help would be much appreciated.
Thanks

0
Comment
Question by:LOGTECHSERV
6 Comments
 
LVL 4

Expert Comment

by:StefanKittel
ID: 24151553
Hello,

there will be a work arounds because I cannot tell you how to use two differen certs for internal and external.

Add a hostname with the external name and the internal ip to your dns server. If not possible you may use the local hosts file (disribute through logonscript).

Stefan
0
 
LVL 31

Expert Comment

by:Paranormastic
ID: 24151566
Is the certificate you purchased a UC certificate?  If not, you should really get one.  GoDaddy.com has them for very cheap price.

You will want to include all name references for however you will be accessing things internally and externally, for example:

server.internal.local
server.external.com
mail.external.com
autodiscover.external.com

You may want to also include the hostname and/or IP address if you choose.

Note that when you create the CSR a name is assigned as the Subject name, you will need to list this again in the big list of names that the cert will be valid for.
0
 

Expert Comment

by:jagard29
ID: 24152031
Agree with Paranormastic that you need the four alternate names indicated.  It may just be a typo in your post but there is a space in the address for your internal URL.
0
Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

 
LVL 40

Accepted Solution

by:
coolsport00 earned 2000 total points
ID: 24154108
0
 

Author Comment

by:LOGTECHSERV
ID: 24246770
Have not tested yet will update asap.

Thanks!
0
 

Author Closing Comment

by:LOGTECHSERV
ID: 31570629
The following is the site with the information I was able to use to fix the problem:
http://blog.shijaz.com/2008/04/certficate-name-mismatch-in-outlook.html
Thank you for your help!
0

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Want to know how to use Exchange Server Eseutil command? Go through this article as it gives you the know-how.
Are you looking for the options available for exporting EDB files to PST? You may be confused as they are different in different Exchange versions. Here, I will discuss some options available.
In this Micro Video tutorial you will learn the basics about Database Availability Groups and How to configure one using a live Exchange Server Environment. The video tutorial explains the basics of the Exchange server Database Availability grou…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an anti-spam), the admin…
Suggested Courses
Course of the Month15 days, 20 hours left to enroll

850 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question