Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Certificate Error Exchange 2007

Posted on 2009-07-14
10
Medium Priority
?
264 Views
Last Modified: 2012-05-07
Hi,
when I open Microsoft Outlook it returns a certificate error.  I just accept it and Outlook works fine.  But, every time I reopen it, it gives that error.  
I have a certificate named webmail.domain.com.  This certificate is used in the internet.  But the certificate's FQDN showed in Microsoft Outlook is myserver.domain.com.  "myserver" is my Exchange Server.  I just delete the certificate created in the installation of Exchange 2007 named myserver.domain.com.  What should I do?

Microsoft Exchange could not find a certificate that contains the domain name myserver.domain.com in the personal store on the local computer.  Therefore, it is unable to support STARTLS SMTP verb for the connector "Accept Relay to Applications" with a FQDN parameter of myserver.domain.com.  If the connector´s FQDN is not specified, the computer´s FQDN is used.
0
Comment
Question by:anovaes
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 4
  • 2
10 Comments
 
LVL 65

Accepted Solution

by:
Mestha earned 1500 total points
ID: 24854780
Have you purchased a commercial SAN/UC certificate for the server?
If not then you need to.
If you have then you need to ensure that it is enabled for all the relevant services.

You cannot run Exchange 2007 without an SSL certificate of some kind.

I gone through what you need to do to get a commercial certificate on the server here:
http://blog.sembee.co.uk/archive/2008/05/30/78.aspx

Simon.
0
 
LVL 13

Expert Comment

by:lastlostlast
ID: 24854783
the new certificate you are using... is it a 3rd party certificate??

Also check KB 940726... it can help you out....

let me know if you have any queries....
0
 

Author Comment

by:anovaes
ID: 24854832
Yes.  I have a 3rd party certificate.  How can I configure exchange server to use it?  I use to access OWA.
0
Nothing ever in the clear!

This technical paper will help you implement VMware’s VM encryption as well as implement Veeam encryption which together will achieve the nothing ever in the clear goal. If a bad guy steals VMs, backups or traffic they get nothing.

 
LVL 65

Expert Comment

by:Mestha
ID: 24854861
Is it a SAN/UC certificate or a single name certificate?
It is important to know because the instructions are quite different. A single name certificate is more involved because of the changes required, not only locally but also on the internet.

Simon.
0
 
LVL 13

Expert Comment

by:lastlostlast
ID: 24854872
I would recommend you follow KB 940726 and set your internal URL's accoridingly....

Also make sure that in your internally, these URL's should be able to resolve...

Have a look in your internal DNS and check if the external OWA URL can be accessed internally as well...

Once you have changed the internal URL's as per KB 940726....you should no longer get the certificate prompt....
0
 

Author Comment

by:anovaes
ID: 24864046
It's a single name certificate.
0
 
LVL 65

Expert Comment

by:Mestha
ID: 24865250
I wrote an article on configuring Exchange with a single name SSL certificate.
However your external DNS provider MUST support SRV records. If they do not then you will need to replace the certificate with a SAN/UC certificate.
http://www.amset.info/exchange/singlenamessl.asp

Simon.
0
 

Author Comment

by:anovaes
ID: 24865334
Right now, I don't want to use UC and Outlook Anywhere. just OWA.  May I just create a self-signed certificate?
0
 

Author Comment

by:anovaes
ID: 24869486
I don't want to buy a commercial UC certificate.  It's very expensive.  I have a SSL certificate that I use with my OWA clients in the external network.  It's called webmail.domain.com.  My Exchange Server 2007 is exchange2007.domain.com.  When I try to open Microsoft Outlook 2007, it gives me a certificate error (The name on the security certificate is invalid or does not match the name of the site).  This error occurs because the certificate's name checked by Microsoft Outlook 2007 is exchange2007.domain.com instead of webmail.domain.com.  Is it possible to use my SSL certificate webmail.domain.com?  How can I do that?
0
 
LVL 65

Expert Comment

by:Mestha
ID: 24870066
A UC/SAN certificate is US$60/year from a GoDaddy reseller. http://certificatesforexchange.com/ 

A self signed certificate is pointless for OWA, as every time your users connect they get a certificate prompt. Getting users used to a certificate prompt is bad practise, plus have you seen the noise IE makes when a self signed certificate is used.

SSL is not optional with Exchange 2007, and if you want to use a single name SSL certificate you have to follow the instructions I linked to above.

Simon.
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

New style of hardware planning for Microsoft Exchange server.
How to deal with a specific error when using the Enable-RemoteMailbox cmdlet to create a mailbox in the cloud-based service, for an existing user in an on-premises Active Directory.
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…
Suggested Courses

650 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question