Certificate Error when opening outlook

ffemt968
ffemt968 used Ask the Experts™
on
I just installed a new certificatre on my exchange 2007 server and now I have users getting the following error message when opening up outlook 2007:
"Information you exchange with this site cannot be viewed or changed by others however there is a problem with the sites certificate."

I remember there is a way to disable this but I don't remember how.  
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Hi,

what kind of cert is that.? Standard ssl / ucc ssl.  The url/smtp domain, is it include in the cert.
If you can put a screenshot of the error that will be helpful

Regards,
v-2nas

Author

Commented:
it is a ucc cert and the file attatched has a screen shot

Author

Commented:
Helps if I attach it Screen shot Screen shot
Can you post a screenshot of the View Certificate page?
Hi,

Seems like you don't have the correct names register in SAN of the certificate. What is the users's email address and your domain and if you go the properties of the cert, check what is mentioned under the SAN. {subject alternative name)

Regards,
v-2nas

Author

Commented:
I blanked out any personal information View Button

Author

Commented:
Problem is I'm not the one who made the old one and I already got rid of it I know there is a way to make this disappear but I just cant remember
You can do it from the client if the smtp domain is present in the certificate, if these are outlook 2003 clients then CN name on the cert must match smtp domain.

Regards,
v-2nas

Author

Commented:
Outlook 2007
what is your smtp domain name [you can give it a random name], you local domain and SAN enteries on the certificate. Go to cert properties, details, under details there will be subject alternative name.

Regards,
v-2nas

Author

Commented:
I'm actually not sure
hmm, can you get that info and post later.

Author

Commented:
the email addresses are username@northeastcoating.com

I have northeastcoating listed does it need a local one like DOMAIN.SERVERNAME.local?
Now you should have a san entry for autodiscover. Northeastcoating.com and northeastcoating.com. Servername.youractualdomain.local or com whayever it is

Author

Commented:
ok I do have an autodiscover and I have just notheastcoating.com so I would need
northeastcoating.com.servername.youractualdomain.local?

The following records let say your internal domain is private.local and your smtp is private.com then san enteries would be

private.local
autodiscover.private.com   [you need to create a dns zone for private.com in your internal windows dns]
mail.private.com  [pointing to your internet facing ip nated to cas server this will also be used as host for autodiscover service records]

check this article for correct autodiscover urls published for external access on cas server
http://support.microsoft.com/kb/940726


Regards
v-2nas

Author

Commented:
so be just going in and putting another SAN on there for .local will not work

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial