We help IT Professionals succeed at work.

MS Outlook keeps prompting to accept certificate

We recently installed an SSL certificate from GoDaddy to resolve the external issues with our Outlook Web Access. However, now internally it keeps asking users (several times) if they want to proceed. I have had the users install the certificate, but the issue persists. I think I may have accidently tried to install that certificate in to the local domain for that server in IIS. Can anyone tell me how to resolve this issue.

Thanks!
Comment
Watch Question

Paul MacDonaldDirector, Information Systems

Commented:
I'm guessing name resolution is different for people outside the network than inside.  That is, outside they hit owa.external.com and inside they hit owa.internal.com or something.  The SSL certificate isn't mapped to the internal URL so your browser is warning you the certificate may be bad.

Author

Commented:
Great, how do I resolve this?
Paul MacDonaldDirector, Information Systems

Commented:
Either have your users connect to the URL the certificate was issued for (owa.external.com), get another certificate for the internal URL, or have users connect internally using a non-HTTPS URL.  One last option would be to generate your own certificate, but that's so much work I wouldn't even consider it.
Rick FeeMessaging Engineer - Disaster Recovery Engineer

Commented:
On your internal DNS server (Your AD Server)  create a new record or zone for the external.com namespace....then create a owa.external.com and point this to the local IP

Author

Commented:
I think I miscommunicated something. Internally we use the Outlook Client - Externally we use OWA. When they open MS Outlook the error is presented
Rick FeeMessaging Engineer - Disaster Recovery Engineer

Commented:
I wouldn't mess around with creating another cert...you can create a new DNS zone in a minute or two.   Then just flush the dns and test.
Shreedhar EtteTechnical Manager
Top Expert 2010

Commented:
Messaging Engineer - Disaster Recovery Engineer
Commented:
Oh oh....you have to change the vitrual dir pointers....So on your Exchange server you need to run this script...just change Exchangeservername with your exchange server....and change exchange.ourcompany.com to that of owa.external.com then rename it from .txt to ps1   then run under exchange shell console
Outlook2007certfix.txt
Paul MacDonaldDirector, Information Systems

Commented:
"I think I may have accidently tried to install that certificate in to the local domain for that server in IIS."
Hmm.  This shouldn't have any effect on Outlook.  Are you using IMAP or POP internally?

Author

Commented:
IMAP (native Outlook Client)

Author

Commented:
EndureKona - THANK YOU THANK YOU THANK YOU!!!

You identified the issue, and your solution worked PERFECTLY.

YOU ARE TRULY AN EXPERT!!!


(I do appreciate all answers)