Solved

Exchange 2010 SSL Certificates

Posted on 2011-09-28
22
312 Views
Last Modified: 2012-05-12
I have an SBS 2011 server. I have used the Exchange Management Console to generate an SSL request and followed the Microsoft guidelines. I have rekeyed my existing SSL Cert and imported it into the server.
My Outlook 2010 clients are still getting certificate errors when logging on however. OWA works and Outlook Anywhere works for external users.
There are several Certificates in the Exchange Console now. Is it safe to remove any of them? I am going to reboot in about 1.5 hrs if that will make any difference.

Thanks.
0
Comment
Question by:nealerocks
  • 11
  • 10
22 Comments
 
LVL 16

Expert Comment

by:uescomp
ID: 36812947
I guess it depends on what has all been included in the cert, did you include your sbs, and sbs.local etc?
0
 
LVL 12

Author Comment

by:nealerocks
ID: 36812959
I included all the required names as far as I know. The Exchange Wizard seemed to cover everything.
I have got:

mail.domain.com.au
mail.domain.local
autodiscover.domain.com.au
autodiscover.local
servername.local
servername.domain.com.au
0
 
LVL 23

Expert Comment

by:Suliman Abu Kharroub
ID: 36813173
>>There are several Certificates in the Exchange Console now. Is it safe to remove any of them? I am going to reboot in about 1.5 hrs if that will make any difference.

Yes it is safe, but it is butter to take a backup of them.

Please update us if reboot does not help.
0
Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

 
LVL 12

Author Comment

by:nealerocks
ID: 36813285
Reboot didn't help. Users still got the error message.
0
 
LVL 23

Accepted Solution

by:
Suliman Abu Kharroub earned 500 total points
ID: 36814054
Please try to re-assign services to the certificate from EMC.
0
 
LVL 12

Author Comment

by:nealerocks
ID: 36881168
Reassigned services. Not all users are getting the error message.
It seems not all of them were getting it anyway. Just a few.
0
 
LVL 23

Expert Comment

by:Suliman Abu Kharroub
ID: 36896621
Try to recreate the outlook profile for one of the affected users.
0
 
LVL 12

Author Comment

by:nealerocks
ID: 36901802
Tried creating a new profile for an affected user and the cert error appeared as the account was being set up. It appeared again when I opened Outlook for the first time.
Any other ideas??

Thanks.
0
 
LVL 23

Expert Comment

by:Suliman Abu Kharroub
ID: 36901876
What does the error message show ? name mismatch ?

also please click on the view certificate, does it show the correct certificate ?
0
 
LVL 12

Author Comment

by:nealerocks
ID: 36901900
It shows name mismatch, but I have included at least 5 names on the certificate. Outlook works fine, it is just annoying. Outlook Anywhere works fine also, and there are no certificate errors on OWA.
When I view the cert it looks fine, the issuer is correct.
0
 
LVL 23

Expert Comment

by:Suliman Abu Kharroub
ID: 36901927
On the top left of the error message, it will show the name of the server which is try to connect to.

what is it ?
0
 
LVL 12

Author Comment

by:nealerocks
ID: 36901943
The server name is mail.domainname.local
0
 
LVL 23

Expert Comment

by:Suliman Abu Kharroub
ID: 36902395
what is mail.domainname.local ? is it the local server name ?
0
 
LVL 12

Author Comment

by:nealerocks
ID: 36902741
It is the domain name. The name on the certificate is mail.thecompaniesdomainname.com.au
0
 
LVL 23

Expert Comment

by:Suliman Abu Kharroub
ID: 36902877
are you sure you internal domain is mail.domainname.local ?

hold on shift key and right click on outlook icon in notifications area, connection status. where is outlook connected, to mail.domainname.local  ?
0
 
LVL 12

Author Comment

by:nealerocks
ID: 36902983
the internal domain is just mydomainname.local.
the certificate common name is the external domain name which includes mail
0
 
LVL 23

Expert Comment

by:Suliman Abu Kharroub
ID: 36902989
the second question please,,, outlook part.
0
 
LVL 12

Author Comment

by:nealerocks
ID: 36903063
Looks like the client is connecting to mail.mydomain.local
0
 
LVL 23

Expert Comment

by:Suliman Abu Kharroub
ID: 36905105
TCP or http/s ?
0
 
LVL 12

Author Comment

by:nealerocks
ID: 36908019
I have managed to resolve the issue. We had the wrong kind of SSL certificate. It wasn't a UCC. I have purchased the correct cert and ran the SBS wizards again and it is working.
No more error messages.
Thanks for all the help and suggestions!
0
 
LVL 23

Expert Comment

by:Suliman Abu Kharroub
ID: 36908199
LOL,

You are welcome!
0
 
LVL 12

Author Closing Comment

by:nealerocks
ID: 36914937
You deserve some points for sticking with the question so long.
Thanks!
0

Featured Post

Announcing the Most Valuable Experts of 2016

MVEs are more concerned with the satisfaction of those they help than with the considerable points they can earn. They are the types of people you feel privileged to call colleagues. Join us in honoring this amazing group of Experts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Read this checklist to learn more about the 15 things you should never include in an email signature.
A list of top three free exchange EDB viewers that helps the user to extract a mailbox from an unmounted .edb file and get a clear preview of all emails & other items with just a single click on mailboxes.
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…

828 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question