[Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

exchange 2010 exchange certificates

Posted on 2011-09-15
10
Medium Priority
?
326 Views
Last Modified: 2012-05-12
hello all thank you for your time

I just recently installed a exchange 2010 and I im having a slight issue with my outlook 2007 client after I log on.  i get a security alert and it seems to be lookign at my ssl certificate from my vendor for my owa domain.  I thought it would look at the self assigned on but it appears not to be the case.  the ssl certificate only list the owa domain so I thought I would remove the existing and reinstall a new one listing the local domainof the server in the "subject alternatives"

I cant rmove the existing one because it states that it will stop to transport service and to just create a new one.  when I create a new one it senses the thump print of the existing cert and wont complete the install ?

can anyone help me ?
0
Comment
Question by:jrojas1213
  • 4
  • 3
  • 3
10 Comments
 
LVL 76

Accepted Solution

by:
Alan Hardisty earned 1000 total points
ID: 36544745
Did you buy a SAN / UCC (Multi-Name) SSL certificate or just a single name certificate?

When you buy a certificate for Exchange 2007 / 2010, you will need to include the following names to keep Exchange and everything else happy:

mail.externaldomain.com (or whatever you chose)
autodiscover.externaldomain.com
internalservername.internaldomain.local
internalservername

If you don't have ALL of the above names, then you will receive a certificate error somewhere in Outlook, OWA or Activesync.
0
 
LVL 1

Author Comment

by:jrojas1213
ID: 36545024
yes that is my problem I am trying to fix it but  please read the problem I am having

"I cant rmove the existing one because it states that it will stop to transport service and to just create a new one.  when I create a new one it senses the thump print of the existing cert and wont complete the install ?
"
0
 
LVL 1

Author Comment

by:jrojas1213
ID: 36545045
i kneed to know how to remove so I can update it with exactly what you said

mail.externaldomain.com (or whatever you chose)
autodiscover.externaldomain.com
internalservername.internaldomain.local
internalservername
0
NEW Veeam Backup for Microsoft Office 365 1.5

With Office 365, it’s your data and your responsibility to protect it. NEW Veeam Backup for Microsoft Office 365 eliminates the risk of losing access to your Office 365 data.

 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 36545071
If you run the New Certificate wizard, generate a new Certificate Signing Request and then take that to your certificate provider, then re-key your certificate using the new request, get a new certificate issued, download the new certificate, install it on your Exchange server, enable it and assign services to it, then you can remove the incorrect certificate.

Leave the Exchange self-signed certificate alone.  It won't do any harm.
0
 
LVL 1

Author Comment

by:jrojas1213
ID: 36545532
yeah i just learned that its a single domain certificate.  so that is my problem.  my predecessor used rapidssl and they are expensive.  godaddy appears alot cheaper have you heard any issues with there certs ?
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 36545738
No - they are fine - I use one from my GoDaddy Reseller Account.  The GoDaddy Reseller Account is actually cheaper than GoDaddy themselves!!
0
 
LVL 1

Assisted Solution

by:makyj
makyj earned 1000 total points
ID: 36548741
We had a similar problem with our rapidssl certificate, and found that creating proxy exceptions via GP in local machines for the exchange ip and FQDN resolved this problem for us.

Might be a different issue, but worked for us...
0
 
LVL 1

Author Comment

by:jrojas1213
ID: 36549024
makyj, that seems like an interesting solution do you mean group policy when you say "gp" and could you provide what policy you configured to correct this thanks.

0
 
LVL 1

Expert Comment

by:makyj
ID: 36550967
Sorry - Yes GP = group policy.

I added proxy exceptions to IE via group policy.  Will post exact location and content when I am back in front of PC - few hours time.
0
 
LVL 1

Expert Comment

by:makyj
ID: 36551385
jrojas1213:

Here are the Group Policy on our Windows 2008 DC

User Configuration > Policies > WIndows Settings > Internet Explorer Maintenence > Connection > Proxy Settings | Exceptions

- Do not use proxy server flor local (intranet) addresses = Enabled
- Do not use proxy server addresses beginning with:
localhost
127.0.0.1
internalmailservername.local.externaldomain.com.au
mail.externaldomain.com.au
externaldomain.com.au
*.externaldomain.com.au

I realise some of these are duplicates, but if I give you all of them, hopefully they will work for you as well...  HTH
0

Featured Post

NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

As much as Microsoft wants to kill off PST file support, just as they tried to do with public folders, there are still times when it is useful or downright necessary to export Exchange mailboxes to PST files. Thankfully, it is still possible to e…
Exchange administrators are always vigilant about Exchange crashes and disasters that are possible any time. It is quite essential to identify the symptoms of a possible Exchange issue and be prepared with a proper recovery plan. There are multiple…
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…
Suggested Courses
Course of the Month20 days, 10 hours left to enroll

868 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question