• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 348
  • Last Modified:

Outlook Certificate Security Error

I have a client that is running Exchange 2010.  Recently, several users have ported to Outlook 2010, and we have started getting several security errors about certificates.  Most of these I have been able to bypass by installing the certificates from the server on the local workstations, but there is one error that eludes me.  I am getting the error that "the name on the security certificate is invalid or does not match the name of the site."  When I view the certificate, it is for an AD domain that used to be on the other side of our site-to-site VPN, but that no longer exists.  If I try installing the certificate, it appears to succeed, but the next time I open Outlook, the same security error reappears.  Does anyone have any possible fixes?

TIA!
0
MasterComputing
Asked:
MasterComputing
1 Solution
 
davealfordCommented:
The 'name' on the certificate has to be the same as is entered into Outlook proxy settings URL and principle name for proxy server -

Certificate name - remote.mydomain.com
https://remote.mydomain.com
Principle name - msstd:remote.mydomain.com

 
0
 
ctc1900Commented:
You most likely upgraded from Outlook 2000/2003 to 2010. If that's the case, you need to verify the Exchange 2010

http://www.msexchange.org/articles_tutorials/exchange-server-2010/management-administration/exchange-autodiscover.html
0
 
MasterComputingAuthor Commented:
This was a fresh install of Outlook 2010 - there were no prior versions installed.  I tried working through the steps in the above article, but when I entered the Set- commands, I just got a blinking cursor.  Perhaps a better question would be this - is there any way I can just get rid of that certificate, since the domain is no longer active?
0
 
Alan HardistyCommented:
For Exchange 2010 (and 2007) you would be best advised to purchase a SAN / UCC SSL certificate with the following names included:

mail.externaldomain.com (or whatever you prefer)
autodiscover.externaldomain.com
internalservername.internaldomainname.local
internalservername

If you install a certificate with the above names then you will stop getting certificate prompts / errors and all aspects of Exchange will work, with the exception of Autodiscover, where you will have to add an A record in External DNS that points to the IP Address of your Exchange 2010 server.

GoDaddy are about the cheapest place to buy an SSL cert from (about $60 for a year), but a GoDaddy Reseller account is slightly cheaper.

Did you buy a SAN certificate or are you using the built-in one that Exchange provides?
0
 
MasterComputingAuthor Commented:
Buying an SSL cert solved the problem.
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now