Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Exchange 2010 Certificate Problem

Posted on 2010-08-13
13
Medium Priority
?
426 Views
Last Modified: 2012-05-10
I have purchased a certificate from GlobalSign, which works for owa internal link:
https://exchange1/owa but when the Outlook 2007 Client connects to my exchange 2010 server I get the certificate error that the name on the certificate does not match the name on the site.

I saw this post: http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/Q_26166895.html

which is the same issue, bit I don't understand what I need to do to get it to work.

Can someone give me a hand please???
0
Comment
Question by:andrewjones1987
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
13 Comments
 
LVL 20

Accepted Solution

by:
woolnoir earned 2000 total points
ID: 33427965
you need to make sure your clients are connecting to the same name i.e https://exchange1.FULLDOMAINNAME.com/owa. The certificate can have an entry for a 'simple name' but otherwise the clients need to connect to the full external name as external clients would.
0
 
LVL 9

Expert Comment

by:Tomas Valenta
ID: 33428008
The certificate is created for FQDN of host. When this certificate is used in web server site the client connect to this site and make some security checks on certificate - validity, trust and if the host you are connected is equal to the host for what was certificate issued.
If you use this server from Internet and from internal site under different hostnames you must make changes in your environment to be able not receive error messages. what name is on your certificate, what name is filled in Outlook in Exchange profile, what is in IIS config ?
0
 
LVL 2

Author Comment

by:andrewjones1987
ID: 33428050
Outlook Client: exchange1.ad.domain.org.uk
IIS: https://exchange1/owa   or   https://exchange1.ad.domain.org.uk

Certificate:
Contains - autodiscovery.domain.org.uk
                 mail.domain.org.uk
                 webmail.domain.org.uk
                 exchange1
                 localhost

I Understand about the certificate not containing the exchange1.ad.domain.org.uk, but how do I configure exchange clients (Outlook 2007) to use just exchange1 or even mail.domain.org.uk??? same as external???
0
 [eBook] Windows Nano Server

Download this FREE eBook and learn all you need to get started with Windows Nano Server, including deployment options, remote management
and troubleshooting tips and tricks

 
LVL 11

Expert Comment

by:Marc Dekeyser
ID: 33428051
I'll go with woolnoir here, you need to add the external domain name on the certificate as f.e. "mail.contoso.com"
0
 
LVL 20

Expert Comment

by:woolnoir
ID: 33428058
go into the account settings in outlook 2010 and for the server address for the account add the full domain name for the server as you registered in the certificate... i.e mail.domain.org.uk.
0
 
LVL 20

Expert Comment

by:woolnoir
ID: 33428067
the distinction would be ( using my username )

I'd registered mail.woolnoir.org.uk and had a OWA server. My external clients would use https://mail.woolnoir.org.uk and would work fine. My internal clients would use only MAIL in their outlook server settings and it would fail... as MAIL isnt the FQDN in the SSL certificate... it has to be mail.woolnoir.org.uk for the server setting...
0
 
LVL 20

Expert Comment

by:woolnoir
ID: 33428075
Try just changing your outlook from exchange.ad.domain.org.uk to exchange.domain.org.uk.. thats a good first step.
0
 
LVL 2

Author Comment

by:andrewjones1987
ID: 33428110
no, the only thing in outlook that will work is when I type exchange1 and then it adds exchange1.ad.domainname.org.uk (ad.domainname.org.uk is my FQDN)
0
 
LVL 20

Expert Comment

by:woolnoir
ID: 33428128
But you can go into the account settings preferences and changes that manually after you have configured the account ? I know it suggests the details but it shouldn't auto add them ? thats auto discovery happening but it should be manually tweak able ?
0
 
LVL 2

Author Comment

by:andrewjones1987
ID: 33428150
No.....I select Manually configure and when I enter the Server name and my Username, it adds the last bit during the check name process as seen when I go back into the settings.
0
 
LVL 4

Expert Comment

by:Valutus
ID: 33428165
This article explains how to set the internal URL in Exchange 2007 (it also applies to Exchange 2010) http://www.msexchange.org/articles_tutorials/exchange-server-2007/management-administration/configuring-exchange-server-2007-web-services-urls.html

Setting the Internal URL to match your external URL it should resolve the issue.


0
 
LVL 4

Expert Comment

by:DeDeckkerAndy
ID: 33430619
Open exchange mgmt console
server configuration
Client Access
select your server
-click properties, last tab Outlok Anywhere - fill in the external host name mail.domain.org.uk
-click ok

On tab Outlook Web App - click owa and click properties
there --> external url mail.domain.org.uk, click ok
on tab Exchange Activesync - click Microsoft-Server-ActiveSync, click properties
there --> external url mail.domain.org.uk, click ok

Point the external dns from mail.domain.org.uk to the right ip address

that should do the trick
0
 
LVL 20

Expert Comment

by:woolnoir
ID: 33475884
Any luck on this issue ?
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article will help to fix the below errors for MS Exchange Server 2013 I. Certificate error "name on the security certificate is invalid or does not match the name of the site" II. Out of Office not working III. Make Internal URLs and Externa…
If you troubleshoot Outlook for clients, you may want to know a bit more about the OST file before doing your next job. IMAP can cause a lot of drama if removed in the accounts without backing up.
In this Micro Video tutorial you will learn the basics about Database Availability Groups and How to configure one using a live Exchange Server Environment. The video tutorial explains the basics of the Exchange server Database Availability grou…
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…

715 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question