jrojas1213
asked on
exchange 2010 exchange certificates
hello all thank you for your time
I just recently installed a exchange 2010 and I im having a slight issue with my outlook 2007 client after I log on. i get a security alert and it seems to be lookign at my ssl certificate from my vendor for my owa domain. I thought it would look at the self assigned on but it appears not to be the case. the ssl certificate only list the owa domain so I thought I would remove the existing and reinstall a new one listing the local domainof the server in the "subject alternatives"
I cant rmove the existing one because it states that it will stop to transport service and to just create a new one. when I create a new one it senses the thump print of the existing cert and wont complete the install ?
can anyone help me ?
I just recently installed a exchange 2010 and I im having a slight issue with my outlook 2007 client after I log on. i get a security alert and it seems to be lookign at my ssl certificate from my vendor for my owa domain. I thought it would look at the self assigned on but it appears not to be the case. the ssl certificate only list the owa domain so I thought I would remove the existing and reinstall a new one listing the local domainof the server in the "subject alternatives"
I cant rmove the existing one because it states that it will stop to transport service and to just create a new one. when I create a new one it senses the thump print of the existing cert and wont complete the install ?
can anyone help me ?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
i kneed to know how to remove so I can update it with exactly what you said
mail.externaldomain.com (or whatever you chose)
autodiscover.externaldomai n.com
internalservername.interna ldomain.lo cal
internalservername
mail.externaldomain.com (or whatever you chose)
autodiscover.externaldomai
internalservername.interna
internalservername
If you run the New Certificate wizard, generate a new Certificate Signing Request and then take that to your certificate provider, then re-key your certificate using the new request, get a new certificate issued, download the new certificate, install it on your Exchange server, enable it and assign services to it, then you can remove the incorrect certificate.
Leave the Exchange self-signed certificate alone. It won't do any harm.
Leave the Exchange self-signed certificate alone. It won't do any harm.
ASKER
yeah i just learned that its a single domain certificate. so that is my problem. my predecessor used rapidssl and they are expensive. godaddy appears alot cheaper have you heard any issues with there certs ?
No - they are fine - I use one from my GoDaddy Reseller Account. The GoDaddy Reseller Account is actually cheaper than GoDaddy themselves!!
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
makyj, that seems like an interesting solution do you mean group policy when you say "gp" and could you provide what policy you configured to correct this thanks.
Sorry - Yes GP = group policy.
I added proxy exceptions to IE via group policy. Will post exact location and content when I am back in front of PC - few hours time.
I added proxy exceptions to IE via group policy. Will post exact location and content when I am back in front of PC - few hours time.
jrojas1213:
Here are the Group Policy on our Windows 2008 DC
User Configuration > Policies > WIndows Settings > Internet Explorer Maintenence > Connection > Proxy Settings | Exceptions
- Do not use proxy server flor local (intranet) addresses = Enabled
- Do not use proxy server addresses beginning with:
localhost
127.0.0.1
internalmailservername.loc al.externa ldomain.co m.au
mail.externaldomain.com.au
externaldomain.com.au
*.externaldomain.com.au
I realise some of these are duplicates, but if I give you all of them, hopefully they will work for you as well... HTH
Here are the Group Policy on our Windows 2008 DC
User Configuration > Policies > WIndows Settings > Internet Explorer Maintenence > Connection > Proxy Settings | Exceptions
- Do not use proxy server flor local (intranet) addresses = Enabled
- Do not use proxy server addresses beginning with:
localhost
127.0.0.1
internalmailservername.loc
mail.externaldomain.com.au
externaldomain.com.au
*.externaldomain.com.au
I realise some of these are duplicates, but if I give you all of them, hopefully they will work for you as well... HTH
ASKER
"I cant rmove the existing one because it states that it will stop to transport service and to just create a new one. when I create a new one it senses the thump print of the existing cert and wont complete the install ?
"