Solved

Outlook Certificate Security Error

Posted on 2011-09-21
Last Modified: 2012-05-12
I have a client that is running Exchange 2010.  Recently, several users have ported to Outlook 2010, and we have started getting several security errors about certificates.  Most of these I have been able to bypass by installing the certificates from the server on the local workstations, but there is one error that eludes me.  I am getting the error that "the name on the security certificate is invalid or does not match the name of the site."  When I view the certificate, it is for an AD domain that used to be on the other side of our site-to-site VPN, but that no longer exists.  If I try installing the certificate, it appears to succeed, but the next time I open Outlook, the same security error reappears.  Does anyone have any possible fixes?

TIA!
0
Question by:MasterComputing
6 Comments
 
LVL 9

Expert Comment

by:davealford
ID: 36574466
The 'name' on the certificate has to be the same as is entered into Outlook proxy settings URL and principal name for proxy server -

Certificate name - remote.mydomain.com
https://remote.mydomain.com
Principal name - msstd:remote.mydomain.com

 
0
 
LVL 4

Expert Comment

by:ctc1900
ID: 36576942
You most likely upgraded from Outlook 2000/2003 to 2010. If that's the case, you need to verify the Exchange 2010

http://www.msexchange.org/articles_tutorials/exchange-server-2010/management-administration/exchange-autodiscover.html
0
 

Author Comment

by:MasterComputing
ID: 36587538
This was a fresh install of Outlook 2010 - there were no prior versions installed.  I tried working through the steps in the above article, but when I entered the Set- commands, I just got a blinking cursor.  Perhaps a better question would be this - is there any way I can just get rid of that certificate, since the domain is no longer active?
0
 
LVL 76

Accepted Solution

by:
Alan Hardisty earned 250 total points
ID: 36915176
For Exchange 2010 (and 2007) you would be best advised to purchase a SAN / UCC SSL certificate with the following names included:

mail.externaldomain.com (or whatever you prefer)
autodiscover.externaldomain.com
internalservername.internaldomainname.local
internalservername

If you install a certificate with the above names then you will stop getting certificate prompts / errors and all aspects of Exchange will work, with the exception of Autodiscover, where you will have to add an A record in External DNS that points to the IP Address of your Exchange 2010 server.

GoDaddy are about the cheapest place to buy an SSL cert from (about $60 for a year), but a GoDaddy Reseller account is slightly cheaper.

Did you buy a SAN certificate or are you using the built-in one that Exchange provides?
0
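Added example, not part of the original thread: a small Python check of which names Outlook clients connect to would still raise the "name on the security certificate is invalid" prompt for a given certificate. The host names are the placeholders from the answer above; the three SAN lists are constructed, and the rule that a wildcard covers exactly one left-most label is the conservative matching assumed here.

```python
def name_matches(pattern: str, host: str) -> bool:
    """Match one SAN dNSName entry against a host name (case-insensitive).

    A wildcard is honoured only as the entire left-most label and covers
    exactly one label, so *.example.com never matches example.com itself.
    """
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def uncovered(client_names, san_entries):
    """Return the client-facing names that no SAN entry covers."""
    return [n for n in client_names
            if not any(name_matches(s, n) for s in san_entries)]


# Constructed sample data using the placeholder names from the answer above.
CLIENT_NAMES = [
    "mail.externaldomain.com",
    "autodiscover.externaldomain.com",
    "internalservername.internaldomainname.local",
    "internalservername",
]
# Hypothetical certificate issued for the external name only.
SINGLE_NAME_CERT = ["mail.externaldomain.com"]
# Hypothetical wildcard certificate: one label under externaldomain.com.
WILDCARD_CERT = ["*.externaldomain.com"]
# Hypothetical SAN / UCC certificate carrying every name clients use.
SAN_CERT = list(CLIENT_NAMES)

if __name__ == "__main__":
    for label, sans in [("single-name", SINGLE_NAME_CERT),
                        ("wildcard", WILDCARD_CERT),
                        ("SAN/UCC", SAN_CERT)]:
        missing = uncovered(CLIENT_NAMES, sans)
        status = "OK" if not missing else "prompts for " + ", ".join(missing)
        print(f"{label}: {status}")
```

The wildcard case shows why the internal FQDN and the short server name still need their own SAN entries: neither falls under the external domain.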
 

Author Closing Comment

by:MasterComputing
ID: 37006653
Buying an SSL cert solved the problem.
0
