Solved

Outlook Certificate Security Error

Posted on 2011-09-21
6
343 Views
Last Modified: 2012-05-12
I have a client that is running Exchange 2010.  Recently, several users have ported to Outlook 2010, and we have started getting several security errors about certificates.  Most of these I have been able to bypass by installing the certificates from the server on the local workstations, but there is one error that eludes me.  I am getting the error that "the name on the security certificate is invalid or does not match the name of the site."  When I view the certificate, it is for an AD domain that used to be on the other side of our site-to-site VPN, but that no longer exists.  If I try installing the certificate, it appears to succeed, but the next time I open Outlook, the same security error reappears.  Does anyone have any possible fixes?

TIA!
0
Comment
Question by:MasterComputing
6 Comments
 
LVL 9

Expert Comment

by:davealford
ID: 36574466
The 'name' on the certificate has to be the same as is entered into Outlook proxy settings URL and principle name for proxy server -

Certificate name - remote.mydomain.com
https://remote.mydomain.com
Principle name - msstd:remote.mydomain.com

 
0
 
LVL 4

Expert Comment

by:ctc1900
ID: 36576942
You most likely upgraded from Outlook 2000/2003 to 2010. If that's the case, you need to verify the Exchange 2010

http://www.msexchange.org/articles_tutorials/exchange-server-2010/management-administration/exchange-autodiscover.html
0
 

Author Comment

by:MasterComputing
ID: 36587538
This was a fresh install of Outlook 2010 - there were no prior versions installed.  I tried working through the steps in the above article, but when I entered the Set- commands, I just got a blinking cursor.  Perhaps a better question would be this - is there any way I can just get rid of that certificate, since the domain is no longer active?
0
 
LVL 76

Accepted Solution

by:
Alan Hardisty earned 250 total points
ID: 36915176
For Exchange 2010 (and 2007) you would be best advised to purchase a SAN / UCC SSL certificate with the following names included:

mail.externaldomain.com (or whatever you prefer)
autodiscover.externaldomain.com
internalservername.internaldomainname.local
internalservername

If you install a certificate with the above names then you will stop getting certificate prompts / errors and all aspects of Exchange will work, with the exception of Autodiscover, where you will have to add an A record in External DNS that points to the IP Address of your Exchange 2010 server.

GoDaddy are about the cheapest place to buy an SSL cert from (about $60 for a year), but a GoDaddy Reseller account is slightly cheaper.

Did you buy a SAN certificate or are you using the built-in one that Exchange provides?
0
 

Author Closing Comment

by:MasterComputing
ID: 37006653
Buying an SSL cert solved the problem.
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Outlook 2016: Search for messages not working - comes up empty 19 68
Exchange OWA website Redirection 7 47
MS Outlook auto update conflicts 5 29
exchange 2007 1 16
Finding original email is quite difficult due to their duplicates. From this article, you will come to know why multiple duplicates of same emails appear and how to delete duplicate emails from Outlook securely and instantly while vital emails remai…
You need to know the location of the Office templates folder, so that when you create new templates, they are saved to that location, and thus are available for selection when creating new documents.  The steps to find the Templates folder path are …
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager
This video discusses moving either the default database or any database to a new volume.

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question