oetcc
asked on
Certificate Error in Outlook - Installed 3rd Party SSL Certificate
I recently setup an SBS 2008 Server. I purchased a UCC SSL certificate from godaddy so that users connecting to the Exchange server via outlook Web Access or their Windows Mobile/iPhone would not receive a certificate error. After importing the certificate OWA and Mobile devices could connect to the public address without a certificate warning however local users connecting to the exchange server using Outlook receive a security alert with an error message stating that "the name on the security certificate is invalid or does not match the name of the site". If you click yes to proceed outlook opens and functions correctly. However every time you reopen outlook you get prompted with the same security alert.
I looked at the Microsoft knowledge base article 940726 (www.support.microsoft.com/kb/940726) which describes my problem however when I try to execute step 3, 4 and 5 of the resolution I receive the following error "the operation could not be preformed because the object... could not be found on domain controller…
I looked at the Microsoft knowledge base article 940726 (www.support.microsoft.com/kb/940726) which describes my problem however when I try to execute step 3, 4 and 5 of the resolution I receive the following error "the operation could not be preformed because the object... could not be found on domain controller…
Suliman Abu Kharroub
If you have a local CA, issue a local certificate to exchange server and make sure that clients connect to exchange using local name not public.
ASKER
To clarify... I need to add the local domain name of the local network to the certificate. As an example: currently the certificate is issued to the domain owa.xyz.com. The local network domain name is xyz.local. Should I add xyz.local or sbssrv.xyz.local to the certificate? Where sbssrv is the name of the server?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Do I need to create a new CSR request to add domains to my existing certificate?
I humbly disagree with Shree here. You don't need all of those (and in many cases you can't get Godaddy to issue a certificate with just a Netbios name, for example) so the problem is with how your internal outlook clients are finding your server.
In short, I'd guess you need to re-run the IAMW so that the various LDAP, DNS, and other records get properly updated and autodiscover uses the same domain name internally as it does externally. Then, certificate issue solved because it will no longer be a mismatch.
-Cliff
In short, I'd guess you need to re-run the IAMW so that the various LDAP, DNS, and other records get properly updated and autodiscover uses the same domain name internally as it does externally. Then, certificate issue solved because it will no longer be a mismatch.
-Cliff
Yes, you have too.