Solved

Certificate SAN Mismatch

Posted on 2010-11-25
6
2,865 Views
Last Modified: 2012-05-10
Ran BPS on an Exchagne 2010 running on W2008R2 after installing Exchange 2010 SP1

Get one critical error that is Certificate SAN mismatch

The subject alternative name (SAN) of SSL certificate for https://mail.domain.com/ews/exchange.asmx does not appear to match the host address. Host address: mail.domain.com. Current SAN: DNS Name=W2008R2, DNS Name=W2008R2.domain.com.

I have an "outside DNS A record for mail.domain.com and a reverse dns record to use mail.domain.com

The certificate is self issued.

Thanks

0
Comment
Question by:911bob
  • 3
  • 3
6 Comments
 
LVL 10

Accepted Solution

by:
dhruvarajp earned 500 total points
ID: 34214152
you need to obtain a SAN/UCC certifacate from certificate vendor or from a internal CA if you have any
the certificate should have following subject names

1. mail.yourdomain.com
2.FQDN of your exch server
3. autodiscover.yourdomain.com
4.netbios name of your exch server

the self signed cert is not UCC / SAN that why you got this error.
0
 

Author Comment

by:911bob
ID: 34214162
Will it hurst not to have an outside Cert?
0
 
LVL 10

Expert Comment

by:dhruvarajp
ID: 34214180
that really depends on your exchange usage. if you have remote users like
iphone or outlook anywhere that connect to exchange using outlook on internet they will not be be able to connect

domain users will work seamlessly if you do not have outside cert
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 

Author Comment

by:911bob
ID: 34214239
I have 1 iPhone user and a couple that use OWA, but when they get the Cert Warning, I tell them to ignore and click through..

Its a non-profit charity so they want to spend as little as possible..
0
 
LVL 10

Expert Comment

by:dhruvarajp
ID: 34214286
ok. then you will just go by what you have...
you can select BPA to not to report this warning again
0
 

Author Closing Comment

by:911bob
ID: 34214293
Thanks for your info.. and fast..
0

Featured Post

Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Scam emails are a huge burden for many businesses. Spotting one is not always easy. Follow our tips to identify if an email you receive is a scam.
Find out what you should include to make the best professional email signature for your organization.
In this video we show how to create a Distribution Group in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >>…
In this video we show how to create a mailbox database in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Servers >> Data…

774 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question