Solved

exchange 2010 exchange certificates

Posted on 2011-09-15
10
274 Views
Last Modified: 2012-05-12
hello all thank you for your time

I just recently installed a exchange 2010 and I im having a slight issue with my outlook 2007 client after I log on.  i get a security alert and it seems to be lookign at my ssl certificate from my vendor for my owa domain.  I thought it would look at the self assigned on but it appears not to be the case.  the ssl certificate only list the owa domain so I thought I would remove the existing and reinstall a new one listing the local domainof the server in the "subject alternatives"

I cant rmove the existing one because it states that it will stop to transport service and to just create a new one.  when I create a new one it senses the thump print of the existing cert and wont complete the install ?

can anyone help me ?
0
Comment
Question by:jrojas1213
  • 4
  • 3
  • 3
10 Comments
 
LVL 76

Accepted Solution

by:
Alan Hardisty earned 250 total points
Comment Utility
Did you buy a SAN / UCC (Multi-Name) SSL certificate or just a single name certificate?

When you buy a certificate for Exchange 2007 / 2010, you will need to include the following names to keep Exchange and everything else happy:

mail.externaldomain.com (or whatever you chose)
autodiscover.externaldomain.com
internalservername.internaldomain.local
internalservername

If you don't have ALL of the above names, then you will receive a certificate error somewhere in Outlook, OWA or Activesync.
0
 
LVL 1

Author Comment

by:jrojas1213
Comment Utility
yes that is my problem I am trying to fix it but  please read the problem I am having

"I cant rmove the existing one because it states that it will stop to transport service and to just create a new one.  when I create a new one it senses the thump print of the existing cert and wont complete the install ?
"
0
 
LVL 1

Author Comment

by:jrojas1213
Comment Utility
i kneed to know how to remove so I can update it with exactly what you said

mail.externaldomain.com (or whatever you chose)
autodiscover.externaldomain.com
internalservername.internaldomain.local
internalservername
0
 
LVL 76

Expert Comment

by:Alan Hardisty
Comment Utility
If you run the New Certificate wizard, generate a new Certificate Signing Request and then take that to your certificate provider, then re-key your certificate using the new request, get a new certificate issued, download the new certificate, install it on your Exchange server, enable it and assign services to it, then you can remove the incorrect certificate.

Leave the Exchange self-signed certificate alone.  It won't do any harm.
0
 
LVL 1

Author Comment

by:jrojas1213
Comment Utility
yeah i just learned that its a single domain certificate.  so that is my problem.  my predecessor used rapidssl and they are expensive.  godaddy appears alot cheaper have you heard any issues with there certs ?
0
Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

 
LVL 76

Expert Comment

by:Alan Hardisty
Comment Utility
No - they are fine - I use one from my GoDaddy Reseller Account.  The GoDaddy Reseller Account is actually cheaper than GoDaddy themselves!!
0
 
LVL 1

Assisted Solution

by:makyj
makyj earned 250 total points
Comment Utility
We had a similar problem with our rapidssl certificate, and found that creating proxy exceptions via GP in local machines for the exchange ip and FQDN resolved this problem for us.

Might be a different issue, but worked for us...
0
 
LVL 1

Author Comment

by:jrojas1213
Comment Utility
makyj, that seems like an interesting solution do you mean group policy when you say "gp" and could you provide what policy you configured to correct this thanks.

0
 
LVL 1

Expert Comment

by:makyj
Comment Utility
Sorry - Yes GP = group policy.

I added proxy exceptions to IE via group policy.  Will post exact location and content when I am back in front of PC - few hours time.
0
 
LVL 1

Expert Comment

by:makyj
Comment Utility
jrojas1213:

Here are the Group Policy on our Windows 2008 DC

User Configuration > Policies > WIndows Settings > Internet Explorer Maintenence > Connection > Proxy Settings | Exceptions

- Do not use proxy server flor local (intranet) addresses = Enabled
- Do not use proxy server addresses beginning with:
localhost
127.0.0.1
internalmailservername.local.externaldomain.com.au
mail.externaldomain.com.au
externaldomain.com.au
*.externaldomain.com.au

I realise some of these are duplicates, but if I give you all of them, hopefully they will work for you as well...  HTH
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Outlook Free & Paid Tools
Scam emails are a huge burden for many businesses. Spotting one is not always easy. Follow our tips to identify if an email you receive is a scam.
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now