Solved

Certificate SAN Mismatch

Posted on 2010-11-25
6
2,843 Views
Last Modified: 2012-05-10
Ran BPS on an Exchagne 2010 running on W2008R2 after installing Exchange 2010 SP1

Get one critical error that is Certificate SAN mismatch

The subject alternative name (SAN) of SSL certificate for https://mail.domain.com/ews/exchange.asmx does not appear to match the host address. Host address: mail.domain.com. Current SAN: DNS Name=W2008R2, DNS Name=W2008R2.domain.com.

I have an "outside DNS A record for mail.domain.com and a reverse dns record to use mail.domain.com

The certificate is self issued.

Thanks

0
Comment
Question by:911bob
  • 3
  • 3
6 Comments
 
LVL 10

Accepted Solution

by:
dhruvarajp earned 500 total points
ID: 34214152
you need to obtain a SAN/UCC certifacate from certificate vendor or from a internal CA if you have any
the certificate should have following subject names

1. mail.yourdomain.com
2.FQDN of your exch server
3. autodiscover.yourdomain.com
4.netbios name of your exch server

the self signed cert is not UCC / SAN that why you got this error.
0
 

Author Comment

by:911bob
ID: 34214162
Will it hurst not to have an outside Cert?
0
 
LVL 10

Expert Comment

by:dhruvarajp
ID: 34214180
that really depends on your exchange usage. if you have remote users like
iphone or outlook anywhere that connect to exchange using outlook on internet they will not be be able to connect

domain users will work seamlessly if you do not have outside cert
0
Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

 

Author Comment

by:911bob
ID: 34214239
I have 1 iPhone user and a couple that use OWA, but when they get the Cert Warning, I tell them to ignore and click through..

Its a non-profit charity so they want to spend as little as possible..
0
 
LVL 10

Expert Comment

by:dhruvarajp
ID: 34214286
ok. then you will just go by what you have...
you can select BPA to not to report this warning again
0
 

Author Closing Comment

by:911bob
ID: 34214293
Thanks for your info.. and fast..
0

Featured Post

Make managing Office 365 email signatures a breeze

Are you using Office 365? Having trouble trying to set up email signatures for your users? Getting stressed out managing multiple signatures? Need an easier way to manage? We have a solution for you, try the most-user friendly and powerful signature management tool on the market.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Disabling the Directory Sync Service Account in Office 365 will stop directory synchronization from working.
MS Outlook is a world-class email client application that is mainly used for e-communication globally.  In this article, we will discuss the basic idea about MS Outlook, its advanced features, and types of MS Outlook File formats.
In this video we show how to create a Distribution Group in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >>…
In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

25 Experts available now in Live!

Get 1:1 Help Now