• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 259
  • Last Modified:

Exchange 2010 SSL error

Hi Expert,

I have exchange svr 2010 and installed OFFICIAL SSL certificate. Everything(autodiscovery/OOF/free busy) is working fine except when user use Otlook from outside office, they get SSL certificate about autodiscover.domain.com .
Could you advise what I should focus to fix ?
0
bominthu
Asked:
bominthu
  • 4
  • 3
  • 2
1 Solution
 
Neil RussellTechnical Development LeadCommented:
Your cert should be UCC certificate that includes at minimum:-

webmail.domain.com
autodiscover.domain.com
(If you use a different name for webmail internally) webmailinternalurl.domain.com
servername.domain.com (a preference)

This will cure all known cert errors, in my experience
0
 
Hendrik WieseInformation Security ManagerCommented:
Sorry your question is not clear. What error do they get when trying to access OWA from external?
0
 
bominthuAuthor Commented:
Certicate warning when use ms outlook 2007 fromoutside office

Rgds
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

 
Hendrik WieseInformation Security ManagerCommented:
Does it state that there is a mismatch?

Try the following:
1. Ensure that you have assigned the correct services to your UCC SSL Certificate.
2. Also ensure that your external url: autodiscover.domain.com is included in the certificate
0
 
bominthuAuthor Commented:
My ssl cert is webmail.domain.com
autodiscover.domain.com is not included
0
 
Hendrik WieseInformation Security ManagerCommented:
You would need to purchase a UCC SSL Certificate and include the webmail.domain.com, autodiscover.domain.com and CASServerName.domain.com for this to work properly.
0
 
Neil RussellTechnical Development LeadCommented:
Exactly what I said in the first post.
0
 
Hendrik WieseInformation Security ManagerCommented:
Yip just as you said, I just want him to include the CASServername as well.
0
 
bominthuAuthor Commented:
This is exactly what happened to me http://blogs.technet.com/b/sbs/archive/2010/01/05/troubleshooting-certificate-mismatch-warnings-in-outlook-2007-clients-on-small-business-server-2008.aspx .

But when I added SRV record as mentioned in that link, it doesn't make different.
His instruction is wrong ?
I'm just investigating further if I really need to buy UCC certificate or not.

Regard,
BMT
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

  • 4
  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now