?
Solved

Outlook Certificate Security Error

Posted on 2011-09-21
6
Medium Priority
?
345 Views
Last Modified: 2012-05-12
I have a client that is running Exchange 2010.  Recently, several users have ported to Outlook 2010, and we have started getting several security errors about certificates.  Most of these I have been able to bypass by installing the certificates from the server on the local workstations, but there is one error that eludes me.  I am getting the error that "the name on the security certificate is invalid or does not match the name of the site."  When I view the certificate, it is for an AD domain that used to be on the other side of our site-to-site VPN, but that no longer exists.  If I try installing the certificate, it appears to succeed, but the next time I open Outlook, the same security error reappears.  Does anyone have any possible fixes?

TIA!
0
Comment
Question by:MasterComputing
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 9

Expert Comment

by:davealford
ID: 36574466
The 'name' on the certificate has to be the same as is entered into Outlook proxy settings URL and principle name for proxy server -

Certificate name - remote.mydomain.com
https://remote.mydomain.com
Principle name - msstd:remote.mydomain.com

 
0
 
LVL 4

Expert Comment

by:ctc1900
ID: 36576942
You most likely upgraded from Outlook 2000/2003 to 2010. If that's the case, you need to verify the Exchange 2010

http://www.msexchange.org/articles_tutorials/exchange-server-2010/management-administration/exchange-autodiscover.html
0
 

Author Comment

by:MasterComputing
ID: 36587538
This was a fresh install of Outlook 2010 - there were no prior versions installed.  I tried working through the steps in the above article, but when I entered the Set- commands, I just got a blinking cursor.  Perhaps a better question would be this - is there any way I can just get rid of that certificate, since the domain is no longer active?
0
 
LVL 76

Accepted Solution

by:
Alan Hardisty earned 1000 total points
ID: 36915176
For Exchange 2010 (and 2007) you would be best advised to purchase a SAN / UCC SSL certificate with the following names included:

mail.externaldomain.com (or whatever you prefer)
autodiscover.externaldomain.com
internalservername.internaldomainname.local
internalservername

If you install a certificate with the above names then you will stop getting certificate prompts / errors and all aspects of Exchange will work, with the exception of Autodiscover, where you will have to add an A record in External DNS that points to the IP Address of your Exchange 2010 server.

GoDaddy are about the cheapest place to buy an SSL cert from (about $60 for a year), but a GoDaddy Reseller account is slightly cheaper.

Did you buy a SAN certificate or are you using the built-in one that Exchange provides?
0
 

Author Closing Comment

by:MasterComputing
ID: 37006653
Buying an SSL cert solved the problem.
0

Featured Post

On Demand Webinar: Networking for the Cloud Era

Did you know SD-WANs can improve network connectivity? Check out this webinar to learn how an SD-WAN simplified, one-click tool can help you migrate and manage data in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article will help to fix the below error for MS Exchange server 2010 I. Out Of office not working II. Certificate error "name on the security certificate is invalid or does not match the name of the site" III. Make Internal URLs and External…
Outlook for dependable use in a very small business   This article is about using the Outlook application (part of Microsoft Office) in a very small business, or for homeowners where dependability and reliability are critical requirements. This …
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager
This Experts Exchange video Micro Tutorial shows how to tell Microsoft Office that a word is NOT spelled correctly. Microsoft Office has a built-in, main dictionary that is shared by Office apps, including Excel, Outlook, PowerPoint, and Word. When …
Suggested Courses
Course of the Month11 days, 3 hours left to enroll

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question