Solved

Exchange 2010 - The name on the security certificate is invalid...

Posted on 2011-09-20
4
949 Views
Last Modified: 2012-05-12
So there is a lot of information about this and I did some research before posting because I was getting confused, so decided to post my own question to get some specific help.  

So, we had an Exchange 2003 server, upgraded to 2010.  We host internally and have OWA setup.  Purchased a certificate from godaddy for the domain and installed, everything is working fine for the OWA.  

Most machines have Outlook 2010, at first when Outlook was opened I users were receiving 2 of the Security Alerts (the name on the security certificate is invalid...).  So I did some research and should I should run the following commands in EMS:

Set-ClientAccessServer -Identity CAS1 -AutodiscoverServiceInternalUri https://webmail.mycompany.com/autodiscover/autodiscover.xml
 
Set-WebServicesVirtualDirectory -Identity “CAS1\EWS (Default Web Site)” -InternalUrl https://webmail.mycompany.com/ews/exchange.asmx

Set-OABVirtualDirectory -Identity “CAS1\oab (Default Web Site)” -InternalUrl https://webmail.mycompany.com/oab
 
Set-UMVirtualDirectory -Identity “CAS1\unifiedmessaging (Default Web Site)” -InternalUrl https://webmail.mycompany.com/unifiedmessaging/service.asmx

I ran the first 3 without issue, fourth one would not run, after research, seems like that is only for Exchange 2007.  Ok, so now I only receive 1 of the Security Alerts when I open Outlook.  

Here is also more information that is needed.  When the Security alert pops up when Outlook is opened, the domain at the top is:  exchange_server_name.domain.com

When I click on view certificate the issued to piece shows:  webmail.domain.com

So I am pretty sure that is where the problem is?  Just not sure the exact steps to fix this?  As always all help is appreciated...
0
Comment
Question by:teamorange
  • 2
4 Comments
 
LVL 13

Expert Comment

by:Govvy
Comment Utility
I believe you will need subject alternate names (SAN) on the certificate
0
 

Author Comment

by:teamorange
Comment Utility
Is that something that is done through Godaddy where I purchased the certificate?  Do I need to purchase another one?

Are they any other options?
0
 
LVL 13

Accepted Solution

by:
Govvy earned 500 total points
Comment Utility
You'll need a new cert with each subdomain configured as a SAN
0
 
LVL 3

Expert Comment

by:jabri007
Comment Utility
Hello,

How did you requested the certificate initially because you can do it from Exchange 2010 server itself

Refer: http://technet.microsoft.com/en-us/library/dd351057.aspx

ideally in a certificate you need the following DNS Names

1. OWA Common Name with External domain name
2. Autodiscover.<external domain name>
4, CAS Array name (optional)
0

Featured Post

Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

Easy CSR creation in Exchange 2007,2010 and 2013
Not sure what the best email signature size is? Are you worried about email signature image size? Follow this best practice guide.
In this video we show how to create a Resource Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: Navigate to the Recipients >> Resources tab.: "Recipients" is our default selection …
In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now