Solved

SSL Certificat Mismatch

Posted on 2011-03-10
8
937 Views
Last Modified: 2013-01-15
I am getting the follow error

Testing the SSL certificate to make sure it's valid.
  The SSL certificate failed one or more certificate validation checks.
   Test Steps
   Validating the certificate name.
  Certificate name validation failed.
   Tell me more about this issue and how to resolve it
   Additional Details
  Host name mail.domainname.org doesn't match any name found on the server certificate CN=SERVERNAME.
 
 How can I resolve this issue
 
0
Comment
Question by:rsilver24
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
8 Comments
 
LVL 10

Expert Comment

by:cjrmail2k
ID: 35096368
Is this a new certificate? Did you match it to your domain DNS name? What version of exchange are you using?
0
 

Author Comment

by:rsilver24
ID: 35097734
No it is not a new certification.  I am running Exchange 2010 and I am not sure how to check to see if it is matched to DNS name
0
 
LVL 10

Expert Comment

by:cjrmail2k
ID: 35098370
if you run iis on the cas you should be able to right-click on the default site and click properties/security and check certificate
0
Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
LVL 8

Accepted Solution

by:
praveenkumare_sp earned 500 total points
ID: 35103133
Hi rsilver24:

Go to EMC click on server config > in the middle plane u would see a certificate

if u see  many double click on the one that says IIS as one of its service

Once the certificate opens click on details tab and under Subject alternative name field see whether do u see FQDN of the server  if not follow the steps below to solve ur issue  

In the below lines i have explained how to change the Internal url  such that u dont need to have CAS FQDN in the certificate


follow the below kb and change the urls 940726

http://support.microsoft.com/kb/940726
"Security warning when you start Outlook 2007 and then connect to a mailbox that is hosted on a server that is running Exchange Server 2007 or Exchange Server 2010: "The name of the security certificate is invalid or does not match the name of the site""


In short this is what u have to do(taken for ur reference from url)



To resolve this issue, modify the URLs for the appropriate Exchange 2007 components. To do this, follow these steps:
1.      Start the Exchange Management Shell.
2.      Modify the Autodiscover URL in the Service Connection Point. The Service Connection Point is stored in the Active Directory directory service. To modify this URL, type the following command, and then press ENTER:
Set-ClientAccessServer -Identity CAS_Server_Name -AutodiscoverServiceInternalUri https://mail.contoso.com/autodiscover/autodiscover.xml
3.      Modify the InternalUrl attribute of the EWS. To do this, type the following command, and then press ENTER:
Set-WebServicesVirtualDirectory -Identity "CAS_Server_Name\EWS (Default Web Site)" -InternalUrl https://mail.contoso.com/ews/exchange.asmx
4.      Modify the InternalUrl attribute for Web-based Offline Address Book distribution. To do this, type the following command, and then press ENTER:
Set-OABVirtualDirectory -Identity "CAS_Server_name\oab (Default Web Site)" -InternalUrl https://mail.contoso.com/oab
5.      Modify the InternalUrl attribute of the UM Web service. To do this, type the following command, and then press ENTER:
Set-UMVirtualDirectory -Identity "CAS_Server_Name\unifiedmessaging (Default Web Site)" -InternalUrl https://mail.contoso.com/unifiedmessaging/service.asmx
Note This command is required only in an Exchange 2007 environment. This command no longer exists in an Exchange 2010 environment. Instead, the WebServices URL is used for this purpose.
6.      Open IIS Manager.
7.      Expand the local computer, and then expand Application Pools.
8.      Right-click MSExchangeAutodiscoverAppPool, and then click Recycle.
Important These steps assume that a host record exists in the DNS to map the FQDN that you specify to the IP address of the CAS server. For example, consider the following scenario:
•      The original internal URLs for the Exchange components point to the internal FQDN of the server. For example, one of these URLs points to the following:
https://ServerName.contoso.com/ews/exchange.asmx
•      The FQDN that is specified on the certificate points to the externally accessed host name of the server. For example, the certificate specifies an FQDN, such as "mail.contoso.com."
In this scenario, you must add a host record for the mail host name that is mapped to the internally accessed IP address of the CAS server to let internal clients access the server.

let me know if u have any queries
0
 

Author Comment

by:rsilver24
ID: 35127943
I went through these steps but it is still not working.  But something is not matching up.  I uninstalled the CAS from my backend server last week and reinstalled it on my frontend server.  When I ran the activesync test it tells me that the host name mail.hali88.org doesn't match any name found on the server certificate CN=Haliserv2 (this is my backend server) and no longer my CAS.  
0
 

Author Comment

by:rsilver24
ID: 35129500
Hi any update on this issue?
0
 

Author Comment

by:rsilver24
ID: 35148209
Hello can someone please help with this issue?
0
 
LVL 2

Expert Comment

by:anuragshankar
ID: 37383642
Do you have a Internal Host(A) entry in the DNS. Remove it and then check.
0

Featured Post

[Webinar] How Hackers Steal Your Credentials

Do You Know How Hackers Steal Your Credentials? Join us and Skyport Systems to learn how hackers steal your credentials and why Active Directory must be secure to stop them. Thursday, July 13, 2017 10:00 A.M. PDT

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Unified and professional email signatures help maintain a consistent company brand image to the outside world. This article shows how to create an email signature in Exchange Server 2010 using a transport rule and how to overcome native limitations …
Check out this step-by-step guide for using the newly updated Experts Exchange mobile app—released on May 30.
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…

729 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question