• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 548
  • Last Modified:

Outlook 2007 Security Alert, The name on the security certificate is ivalid

We have move from Exchange 2003 to 2007 and are having one or two teething problems.  I have intsalled a third party SSL certificate which is working well, however users are gettiing a Security Alert when connection to Outlook:

autodiscover.ourdomain.com

The name on the security certificate is invalid or does not match the name of the site.
Do you want to proceed?

Now I know if I had added autodiscover.ourdomain.com as an alternative to the certificate, we wouldn't get this error but I didn't.  

I think there is a way to repoint the Autodiscovery to the existing SSL using:

Set-ClientAccessServer -Identity CASserver1 -AutoDiscoverServiceInternalUri https://yourinternaladdress.xxx

Our clients can connect to webmail internally by going to:

https://servername/owa

Does that mean that the syntax I need to use to stop this warning appearing is:

Set-ClientAccessServer -Identity CASserver1 -AutoDiscoverServiceInternalUri https://servername/owa

I just want to be sure!
0
-Juddy-
Asked:
-Juddy-
  • 3
  • 2
1 Solution
 
Rajith EnchiparambilOffice 365 & Exchange ArchitectCommented:
"""Set-ClientAccessServer -Identity CASserver1 -AutoDiscoverServiceInternalUri https://servername/owa"""

This is wrong.

By default, AutoDiscoverServiceInternalUri will be https://casserver.domain.local/autodiscover.autodiscover.xml

So, unless you have a SAN/UCC Certificate which has your CAS server netbios name and fqdn, along with autodiscover.externaldomain.com in your cert, your error will pop up all the time.

Check http://enchiparambil.com/ucc_san_certificate_for_exchange_2007.aspx

Rajith.
0
 
-Juddy-Author Commented:
I have all of the above apart from the autodiscover entry.  
0
 
Rajith EnchiparambilOffice 365 & Exchange ArchitectCommented:
You need autodiscover entry for Outlook 2007 to work properly. Or else, use Outlook 2003 as an alternate solution.
0
 
-Juddy-Author Commented:
We have Office 2007 on all workstations, so I guess I'll need to alter my SSL cert.
0
 
Rajith EnchiparambilOffice 365 & Exchange ArchitectCommented:
Yes, you need to have the autodiscover.yourdomain.com in your cert. So, amend it.
0

Featured Post

How to Use the Help Bell

Need to boost the visibility of your question for solutions? Use the Experts Exchange Help Bell to confirm priority levels and contact subject-matter experts for question attention.  Check out this how-to article for more information.

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now