• Status: Solved

SSL Certificate Error

I have an Exchange 2007 Server. I purchased and installed an SSL certificate from GoDaddy.com. My internal users get a certificate error when they access their email via IE7 or they get a Security alert popup error message through Outlook 2007. Both indicate that the name on the security certificate is invalid or does not match the name of the site. I know that it doesn't match the name of the site, because the name is the external name.

I have performed the following commands (changed to suit the client's environment), which I found at
http://trycatch.be/blogs/pdtit/archive/2007/05/28/ssl-error-internally-in-outlook-2007-when-using-an-official-ssl-certificate.aspx

Set-WebServicesVirtualDirectory -Identity "EWS*" -ExternalUrl "Https://webmail.pdtit.be/EWS/Exchange.asmx" -InternalUrl "Https:// webmail.pdtit.be/EWS/Exchange.asmx"        

Set-ClientAccessServer -Identity CASserver1 -AutoDiscoverServiceInternalUri https://webmail.pdtit.be

Still no dice. Any help would be much appreciated.
Thanks

Asked by: LOGTECHSERV
 
StefanKittel commented:
Hello,

There will be a workaround, because I cannot tell you how to use two different certs for internal and external.

Add a hostname with the external name and the internal IP to your DNS server. If not possible, you may use the local hosts file (distribute through a logon script).

Stefan
 
Paranormastic (Cryptographic Engineer) commented:
Is the certificate you purchased a UC certificate? If not, you should really get one. GoDaddy.com has them for a very cheap price.

You will want to include all name references for however you will be accessing things internally and externally, for example:

server.internal.local
server.external.com
mail.external.com
autodiscover.external.com

You may want to also include the hostname and/or IP address if you choose.

Note that when you create the CSR, a name is assigned as the Subject name; you will need to list this again in the big list of names that the cert will be valid for.
 
jagard29 commented:
Agree with Paranormastic that you need the four alternate names indicated. It may just be a typo in your post, but there is a space in the address for your internal URL.

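The two checks the answers above point at (every name clients connect to must be on the certificate, and a configured URL must not contain stray whitespace), as an added PowerShell example that is not part of the original thread. The function names, the sample URLs and the sample certificate name list are constructed for illustration.

```powershell
# Added example. All names and sample values below are constructed.

function Get-UrlHost {
    # Returns the host of an http(s) URL, or $null when the URL is malformed
    # (for example, whitespace after "https://").
    param([string]$Url)
    if ($Url -match '^https?://([^/:\s]+)(:\d+)?(/\S*)?$') { return $Matches[1].ToLowerInvariant() }
    return $null
}

function Test-NameCoveredByCert {
    # $CertNames: the Subject name plus every subject alternative name on the cert.
    param([string]$HostName, [string[]]$CertNames)
    $hostLabels = $HostName.ToLowerInvariant().Split('.')
    foreach ($entry in $CertNames) {
        $certLabels = $entry.Trim().ToLowerInvariant().Split('.')
        # A wildcard stands for exactly one label, so label counts must match.
        if ($certLabels.Length -ne $hostLabels.Length) { continue }
        $match = $true
        for ($i = 0; $i -lt $certLabels.Length; $i++) {
            # "*" is honoured only as the entire left-most label.
            if ($i -eq 0 -and $certLabels[0] -eq '*') { continue }
            if ($certLabels[$i] -ne $hostLabels[$i]) { $match = $false; break }
        }
        if ($match) { return $true }
    }
    return $false
}

function Get-CertNameProblem {
    # Reports each URL that is malformed or whose host the certificate does not cover.
    param([string[]]$Urls, [string[]]$CertNames)
    foreach ($url in $Urls) {
        $name = Get-UrlHost $url
        if (-not $name) { "MALFORMED URL: '$url'" }
        elseif (-not (Test-NameCoveredByCert -HostName $name -CertNames $CertNames)) { "NOT IN CERT: $name ($url)" }
    }
}

# Constructed sample: a single-name certificate and hypothetical service URLs.
$certNames = @('mail.external.com')
$urls = @(
    'https://mail.external.com/EWS/Exchange.asmx',
    'https://server.internal.local/EWS/Exchange.asmx',
    'https://autodiscover.external.com/autodiscover/autodiscover.xml',
    'https:// mail.external.com/EWS/Exchange.asmx'
)
Get-CertNameProblem -Urls $urls -CertNames $certNames
```

On the server, the certificate's names can be read from the CertificateDomains property that Get-ExchangeCertificate returns, and the URLs from the virtual directory and Client Access settings shown in the question.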
 
LOGTECHSERV (author) commented:
Have not tested yet; will update ASAP.

Thanks!
 
LOGTECHSERV (author) commented:
The following is the site with the information I was able to use to fix the problem:
http://blog.shijaz.com/2008/04/certficate-name-mismatch-in-outlook.html
Thank you for your help!