Solved

exchange 2010 exchange certificates

Posted on 2011-09-15
10
287 Views
Last Modified: 2012-05-12
Hello all, thank you for your time.

I just recently installed an Exchange 2010 server and I'm having a slight issue with my Outlook 2007 client after I log on. I get a security alert, and it seems to be looking at the SSL certificate from my vendor for my OWA domain. I thought it would look at the self-assigned one, but that appears not to be the case. The SSL certificate only lists the OWA domain, so I thought I would remove the existing one and install a new one listing the local domain of the server in the "subject alternatives".

I can't remove the existing one because it states that it will stop the transport service and to just create a new one. When I create a new one, it senses the thumbprint of the existing cert and won't complete the install?

Can anyone help me?
Question by:jrojas1213
10 Comments
 
LVL 76

Accepted Solution

by:
Alan Hardisty earned 250 total points
ID: 36544745
Did you buy a SAN / UCC (Multi-Name) SSL certificate or just a single name certificate?

When you buy a certificate for Exchange 2007 / 2010, you will need to include the following names to keep Exchange and everything else happy:

mail.externaldomain.com (or whatever you chose)
autodiscover.externaldomain.com
internalservername.internaldomain.local
internalservername

If you don't have ALL of the above names, then you will receive a certificate error somewhere in Outlook, OWA or Activesync.
0
 
LVL 1

Author Comment

by:jrojas1213
ID: 36545024
Yes, that is my problem. I am trying to fix it, but please read the problem I am having:

"I can't remove the existing one because it states that it will stop the transport service and to just create a new one. When I create a new one, it senses the thumbprint of the existing cert and won't complete the install?"
0
 
LVL 1

Author Comment

by:jrojas1213
ID: 36545045
I need to know how to remove it so I can update it with exactly what you said:

mail.externaldomain.com (or whatever you chose)
autodiscover.externaldomain.com
internalservername.internaldomain.local
internalservername
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 36545071
If you run the New Certificate wizard, generate a new Certificate Signing Request and then take that to your certificate provider, then re-key your certificate using the new request, get a new certificate issued, download the new certificate, install it on your Exchange server, enable it and assign services to it, then you can remove the incorrect certificate.

Leave the Exchange self-signed certificate alone.  It won't do any harm.
0
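The re-key procedure described in the comment above, as an added Exchange Management Shell example that is not part of the original thread. The host names are the placeholders from the accepted answer; the file paths, the old-certificate thumbprint and the choice of IIS and SMTP as the assigned services are assumptions.

```powershell
# Added example: run in the Exchange Management Shell on the Exchange 2010 server.
# Host names are the placeholders from the accepted answer; file paths are assumed.
$names = "mail.externaldomain.com",
         "autodiscover.externaldomain.com",
         "internalservername.internaldomain.local",
         "internalservername"

# 1. Generate the CSR. Exchange 2010 returns the request as text, so save it to a file.
$csr = New-ExchangeCertificate -GenerateRequest `
    -SubjectName "cn=mail.externaldomain.com" `
    -DomainName $names -PrivateKeyExportable $true
Set-Content -Path "C:\certs\mail.req" -Value $csr

# 2. Re-key with the certificate provider using mail.req, then import the issued file.
$new = Import-ExchangeCertificate -FileData `
    ([byte[]](Get-Content -Path "C:\certs\mail.cer" -Encoding Byte -ReadCount 0))

# 3. Check that every required name is on the new certificate before using it.
$covered = $new.CertificateDomains | ForEach-Object { $_.ToString().ToLower() }
$missing = $names | Where-Object { $covered -notcontains $_.ToLower() }
if ($missing) { throw "New certificate is missing: $($missing -join ', ')" }

# 4. Enable the new certificate and assign services to it (IIS and SMTP assumed here).
Enable-ExchangeCertificate -Thumbprint $new.Thumbprint -Services "IIS,SMTP"

# 5. Confirm which certificate now holds which services.
Get-ExchangeCertificate |
    Format-List Thumbprint, Subject, CertificateDomains, Services, NotAfter

# 6. Only then remove the old single-name certificate (placeholder thumbprint).
Remove-ExchangeCertificate -Thumbprint "<THUMBPRINT-OF-OLD-CERTIFICATE>"
```

Public CAs stopped issuing certificates for internal names such as `.local` domains and bare host names under the CA/Browser Forum Baseline Requirements (from November 2015), so on a current deployment the last two names would need an internal CA or internal URLs that use a public name.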
 
LVL 1

Author Comment

by:jrojas1213
ID: 36545532
Yeah, I just learned that it's a single-domain certificate, so that is my problem. My predecessor used RapidSSL and they are expensive. GoDaddy appears a lot cheaper; have you heard of any issues with their certs?
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 36545738
No - they are fine - I use one from my GoDaddy Reseller Account.  The GoDaddy Reseller Account is actually cheaper than GoDaddy themselves!!
0
 
LVL 1

Assisted Solution

by:makyj
makyj earned 250 total points
ID: 36548741
We had a similar problem with our RapidSSL certificate, and found that creating proxy exceptions via GP on local machines for the Exchange IP and FQDN resolved this problem for us.

Might be a different issue, but worked for us...
0
 
LVL 1

Author Comment

by:jrojas1213
ID: 36549024
makyj, that seems like an interesting solution. Do you mean group policy when you say "gp", and could you provide what policy you configured to correct this? Thanks.
0
 
LVL 1

Expert Comment

by:makyj
ID: 36550967
Sorry - Yes GP = group policy.

I added proxy exceptions to IE via group policy.  Will post exact location and content when I am back in front of PC - few hours time.
0
 
LVL 1

Expert Comment

by:makyj
ID: 36551385
jrojas1213:

Here are the Group Policy settings on our Windows 2008 DC:

User Configuration > Policies > Windows Settings > Internet Explorer Maintenance > Connection > Proxy Settings | Exceptions

- Do not use proxy server for local (intranet) addresses = Enabled
- Do not use proxy server for addresses beginning with:
localhost
127.0.0.1
internalmailservername.local.externaldomain.com.au
mail.externaldomain.com.au
externaldomain.com.au
*.externaldomain.com.au

I realise some of these are duplicates, but if I give you all of them, hopefully they will work for you as well...  HTH
0

Question has a verified solution.