Pachoey71
asked on
Outlook Certificate Issues w/SBS 2008
Hey All-
I'm at my wits end on this one - with every SBS 2008 install we've done we have purchased a custom SSL cert and installed according to the best practice method we've seen over at Sean Daniel's blog.
The problem is - we always end up with those pop-ups stating the cert doesn't match the site name everytime someone opens Outlook. We've scoured everywhere and came across this article that seems to be perfect: http://www.shudnow.net/2007/08/10/outlook-2007-certificate-error/
The problem is not everything in this article is possible on SBS 2008. We were able to redirect the autodiscover records but other items like the OAB etc don't work. We keep getting errors saying the site doesn't exist.
Is there someone out there who has resolved this problem? We'd love to get this fix documented and applied once and for all. It's such a minor thing but it's annoying to know there must be a solution.
Anyone?
I'm at my wits end on this one - with every SBS 2008 install we've done we have purchased a custom SSL cert and installed according to the best practice method we've seen over at Sean Daniel's blog.
The problem is - we always end up with those pop-ups stating the cert doesn't match the site name everytime someone opens Outlook. We've scoured everywhere and came across this article that seems to be perfect: http://www.shudnow.net/2007/08/10/outlook-2007-certificate-error/
The problem is not everything in this article is possible on SBS 2008. We were able to redirect the autodiscover records but other items like the OAB etc don't work. We keep getting errors saying the site doesn't exist.
Is there someone out there who has resolved this problem? We'd love to get this fix documented and applied once and for all. It's such a minor thing but it's annoying to know there must be a solution.
Anyone?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Your certificate needs to be issued for the subdomain your mail server is on and be installed on your exchange serve. The certificate should not be made for you .yourdomain.com it needs to be mail.exchangeserver.com. substitute mail for the actual subdomain and substitute exchangeserver for your domain name.
ASKER
Conch,
We purchased the certificate from GoDaddy. It is a single domain cert for remote.customername.com.
It sounds like the issue is that we need the multi-domain certificate - is this correct?
So we should go back to GoDaddy - purchase a multi-domain certificate - and then install this in the same manner we installed the single domain cert. This new multi-domain would replace our old cert and would respond to the problem sites like sites.internaldomain and autodiscover.internaldomai
Is this accurate? if so - we'll give this a go and come back to flag the solution.
We purchased the certificate from GoDaddy. It is a single domain cert for remote.customername.com.
It sounds like the issue is that we need the multi-domain certificate - is this correct?
So we should go back to GoDaddy - purchase a multi-domain certificate - and then install this in the same manner we installed the single domain cert. This new multi-domain would replace our old cert and would respond to the problem sites like sites.internaldomain and autodiscover.internaldomai
Is this accurate? if so - we'll give this a go and come back to flag the solution.
@Krzyview, I would tend to agree with you but you don't know how I've been chastized for doing that :-). So I now offer both, I personally have never used the domain.com but always the remote.domain.com. But I put it out there because of different points of view :-). Hope this helps.
I know but I don't know if you get a multi domain certificate it will work because of it actually being on a different server unless you run the web interface with a PHP Include by importing it into a web host side function in a way. Did I say that right?
ASKER
Guys, All sites are on the same server since it is SBS 2008. So autodiscover, remote, sites, netbiosname.internaldomain
Can you guys respond to my comment above?
Thanks.
Can you guys respond to my comment above?
Thanks.
Yes, go with the SAN it will make your life better.
Yes then go with the multi domain cert and yes install it the same way as you would any other cert.
ASKER
Actually found a video on netometer.com that walks you through the process.
The UCC is recommended - BUT - there is a way to do this with one cert.
Testing then I'll come back and assign credit.
The UCC is recommended - BUT - there is a way to do this with one cert.
Testing then I'll come back and assign credit.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Yep, seen most of the other concepts before, some say they have made it work I've never been able to do so. Being in the business for my clients I normally do what makes practical sense and recommended best practices. It reminds me of when techs would overclock their cpu's to make 'em go faster, of course until they burned up, the lesson is, just 'cause you can should you?
Hmm, this doesn't seem like a proper solution but hey if you want to spend days figuring that out then go ahead. It's more practical and alot simpler to pay for the multi-domain certificate which will work for all your subdomains rather then bypassing practical real world techniques.
@krzyview, my sentiments exactly. In fact I think I'll go to my favorite warez site and d/l the latest version of sbs 2008 :-). I could say more but I'll hold my tongue ;-).
Well to each his own. He may be trying to spam the world for all we know.
The solution to this question that the original Poster has made for the problem is not a solution. It's a fix that shouldn't be done to follow proper techniques of setting up Exchange Servers. Please use the suggestions from I and @conchcrawl to resolve your problems.