Solved

exchange 2010 exchange certificates

Posted on 2011-09-15
10
316 Views
Last Modified: 2012-05-12
hello all thank you for your time

I just recently installed a exchange 2010 and I im having a slight issue with my outlook 2007 client after I log on.  i get a security alert and it seems to be lookign at my ssl certificate from my vendor for my owa domain.  I thought it would look at the self assigned on but it appears not to be the case.  the ssl certificate only list the owa domain so I thought I would remove the existing and reinstall a new one listing the local domainof the server in the "subject alternatives"

I cant rmove the existing one because it states that it will stop to transport service and to just create a new one.  when I create a new one it senses the thump print of the existing cert and wont complete the install ?

can anyone help me ?
0
Comment
Question by:jrojas1213
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
  • 3
10 Comments
 
LVL 76

Accepted Solution

by:
Alan Hardisty earned 250 total points
ID: 36544745
Did you buy a SAN / UCC (Multi-Name) SSL certificate or just a single name certificate?

When you buy a certificate for Exchange 2007 / 2010, you will need to include the following names to keep Exchange and everything else happy:

mail.externaldomain.com (or whatever you chose)
autodiscover.externaldomain.com
internalservername.internaldomain.local
internalservername

If you don't have ALL of the above names, then you will receive a certificate error somewhere in Outlook, OWA or Activesync.
0
 
LVL 1

Author Comment

by:jrojas1213
ID: 36545024
yes that is my problem I am trying to fix it but  please read the problem I am having

"I cant rmove the existing one because it states that it will stop to transport service and to just create a new one.  when I create a new one it senses the thump print of the existing cert and wont complete the install ?
"
0
 
LVL 1

Author Comment

by:jrojas1213
ID: 36545045
i kneed to know how to remove so I can update it with exactly what you said

mail.externaldomain.com (or whatever you chose)
autodiscover.externaldomain.com
internalservername.internaldomain.local
internalservername
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 36545071
If you run the New Certificate wizard, generate a new Certificate Signing Request and then take that to your certificate provider, then re-key your certificate using the new request, get a new certificate issued, download the new certificate, install it on your Exchange server, enable it and assign services to it, then you can remove the incorrect certificate.

Leave the Exchange self-signed certificate alone.  It won't do any harm.
0
 
LVL 1

Author Comment

by:jrojas1213
ID: 36545532
yeah i just learned that its a single domain certificate.  so that is my problem.  my predecessor used rapidssl and they are expensive.  godaddy appears alot cheaper have you heard any issues with there certs ?
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 36545738
No - they are fine - I use one from my GoDaddy Reseller Account.  The GoDaddy Reseller Account is actually cheaper than GoDaddy themselves!!
0
 
LVL 1

Assisted Solution

by:makyj
makyj earned 250 total points
ID: 36548741
We had a similar problem with our rapidssl certificate, and found that creating proxy exceptions via GP in local machines for the exchange ip and FQDN resolved this problem for us.

Might be a different issue, but worked for us...
0
 
LVL 1

Author Comment

by:jrojas1213
ID: 36549024
makyj, that seems like an interesting solution do you mean group policy when you say "gp" and could you provide what policy you configured to correct this thanks.

0
 
LVL 1

Expert Comment

by:makyj
ID: 36550967
Sorry - Yes GP = group policy.

I added proxy exceptions to IE via group policy.  Will post exact location and content when I am back in front of PC - few hours time.
0
 
LVL 1

Expert Comment

by:makyj
ID: 36551385
jrojas1213:

Here are the Group Policy on our Windows 2008 DC

User Configuration > Policies > WIndows Settings > Internet Explorer Maintenence > Connection > Proxy Settings | Exceptions

- Do not use proxy server flor local (intranet) addresses = Enabled
- Do not use proxy server addresses beginning with:
localhost
127.0.0.1
internalmailservername.local.externaldomain.com.au
mail.externaldomain.com.au
externaldomain.com.au
*.externaldomain.com.au

I realise some of these are duplicates, but if I give you all of them, hopefully they will work for you as well...  HTH
0

Featured Post

Free NetCrunch network monitor licenses!

Only on Experts-Exchange: Sign-up for a free-trial and we'll send you your permanent license!

Here is what you get: 30 Nodes | Unlimited Sensors | No Time Restrictions | Absolutely FREE!

Act now. This offer ends July 14, 2017.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

How to resolve IMCEAEX NDRs in Exchange or Exchange Online related to invalid X500 addresses.
I was prompted to write this article after the recent World-Wide Ransomware outbreak. For years now, System Administrators around the world have used the excuse of "Waiting a Bit" before applying Security Patch Updates. This type of reasoning to me …
In this Micro Video tutorial you will learn the basics about Database Availability Groups and How to configure one using a live Exchange Server Environment. The video tutorial explains the basics of the Exchange server Database Availability grou…
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …

724 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question