Solved

Exchange 2010 SSL Certificates

Posted on 2011-09-28
22
303 Views
Last Modified: 2012-05-12
I have an SBS 2011 server. I have used the Exchange Management Console to generate an SSL request and followed the Microsoft guidelines. I have rekeyed my existing SSL Cert and imported it into the server.
My Outlook 2010 clients are still getting certificate errors when logging on however. OWA works and Outlook Anywhere works for external users.
There are several Certificates in the Exchange Console now. Is it safe to remove any of them? I am going to reboot in about 1.5 hrs if that will make any difference.

Thanks.
0
Comment
Question by:nealerocks
  • 11
  • 10
22 Comments
 
LVL 16

Expert Comment

by:uescomp
ID: 36812947
I guess it depends on what has all been included in the cert, did you include your sbs, and sbs.local etc?
0
 
LVL 12

Author Comment

by:nealerocks
ID: 36812959
I included all the required names as far as I know. The Exchange Wizard seemed to cover everything.
I have got:

mail.domain.com.au
mail.domain.local
autodiscover.domain.com.au
autodiscover.local
servername.local
servername.domain.com.au
0
 
LVL 23

Expert Comment

by:Suliman Abu Kharroub
ID: 36813173
>>There are several Certificates in the Exchange Console now. Is it safe to remove any of them? I am going to reboot in about 1.5 hrs if that will make any difference.

Yes it is safe, but it is butter to take a backup of them.

Please update us if reboot does not help.
0
 
LVL 12

Author Comment

by:nealerocks
ID: 36813285
Reboot didn't help. Users still got the error message.
0
 
LVL 23

Accepted Solution

by:
Suliman Abu Kharroub earned 500 total points
ID: 36814054
Please try to re-assign services to the certificate from EMC.
0
 
LVL 12

Author Comment

by:nealerocks
ID: 36881168
Reassigned services. Not all users are getting the error message.
It seems not all of them were getting it anyway. Just a few.
0
 
LVL 23

Expert Comment

by:Suliman Abu Kharroub
ID: 36896621
Try to recreate the outlook profile for one of the affected users.
0
 
LVL 12

Author Comment

by:nealerocks
ID: 36901802
Tried creating a new profile for an affected user and the cert error appeared as the account was being set up. It appeared again when I opened Outlook for the first time.
Any other ideas??

Thanks.
0
 
LVL 23

Expert Comment

by:Suliman Abu Kharroub
ID: 36901876
What does the error message show ? name mismatch ?

also please click on the view certificate, does it show the correct certificate ?
0
 
LVL 12

Author Comment

by:nealerocks
ID: 36901900
It shows name mismatch, but I have included at least 5 names on the certificate. Outlook works fine, it is just annoying. Outlook Anywhere works fine also, and there are no certificate errors on OWA.
When I view the cert it looks fine, the issuer is correct.
0
 
LVL 23

Expert Comment

by:Suliman Abu Kharroub
ID: 36901927
On the top left of the error message, it will show the name of the server which is try to connect to.

what is it ?
0
What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 
LVL 12

Author Comment

by:nealerocks
ID: 36901943
The server name is mail.domainname.local
0
 
LVL 23

Expert Comment

by:Suliman Abu Kharroub
ID: 36902395
what is mail.domainname.local ? is it the local server name ?
0
 
LVL 12

Author Comment

by:nealerocks
ID: 36902741
It is the domain name. The name on the certificate is mail.thecompaniesdomainname.com.au
0
 
LVL 23

Expert Comment

by:Suliman Abu Kharroub
ID: 36902877
are you sure you internal domain is mail.domainname.local ?

hold on shift key and right click on outlook icon in notifications area, connection status. where is outlook connected, to mail.domainname.local  ?
0
 
LVL 12

Author Comment

by:nealerocks
ID: 36902983
the internal domain is just mydomainname.local.
the certificate common name is the external domain name which includes mail
0
 
LVL 23

Expert Comment

by:Suliman Abu Kharroub
ID: 36902989
the second question please,,, outlook part.
0
 
LVL 12

Author Comment

by:nealerocks
ID: 36903063
Looks like the client is connecting to mail.mydomain.local
0
 
LVL 23

Expert Comment

by:Suliman Abu Kharroub
ID: 36905105
TCP or http/s ?
0
 
LVL 12

Author Comment

by:nealerocks
ID: 36908019
I have managed to resolve the issue. We had the wrong kind of SSL certificate. It wasn't a UCC. I have purchased the correct cert and ran the SBS wizards again and it is working.
No more error messages.
Thanks for all the help and suggestions!
0
 
LVL 23

Expert Comment

by:Suliman Abu Kharroub
ID: 36908199
LOL,

You are welcome!
0
 
LVL 12

Author Closing Comment

by:nealerocks
ID: 36914937
You deserve some points for sticking with the question so long.
Thanks!
0

Featured Post

Want to promote your upcoming event?

Attending an event? Speaking at a conference? Or exhibiting at a tradeshow? Easily inform your contacts by using a promotional banner in your email signature. This will ensure your organization’s most important contacts are in the know.

Join & Write a Comment

Resolve DNS query failed errors for Exchange
Not sure what the best email signature size is? Are you worried about email signature image size? Follow this best practice guide.
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…
This video discusses moving either the default database or any database to a new volume.

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

8 Experts available now in Live!

Get 1:1 Help Now