Certificate security warning in Outlook after migrating from SBS 2003 to SBS 2011

Posted on 2011-10-27
Last Modified: 2012-05-12

We have a internal domain called "company.local" and a public domain called "".  The public domain is managed by an ISP and is managing MX records pointing to our public IP address for the SMTP server.
After migrating from SBS 2003 to SBS 2011 we get Certificate Security warnings when Outlook is started. The presented certificate seems to be a trusted certificate published for the public domain name. We have tries installing the certificate but the security warning keep coming back.

During SBS 2011 migration we used the "Configure the Internet address" wizard to configure the domain name. We then entered the public domain "". Is this correct or should we have used the "company.local" instead?

We are able to receive/send email and everything seems to work fine except the certificate security warnings popping up in Oulook.

We have not yet installed a SSL certificate from VeriSign/DigiCert on the SBS 2011 server.

How can we get rid of the certificate security warnings? Do we have to reconfigure the Internet Address from the public domain name to the internal domain name?

Question by:it_proffen
    LVL 7

    Accepted Solution


    It looks like you have not imported the required Sub Alt Name(SAN) for the new exchange 2010 internal URLs.

    The client connectivity is little different in Exchange 2010 from Exchange 2003. When Outlook connects(2003 Sp2 and above) to the exchange it uses auto-discover, cas server, and many different URLs .. All these FQDN should be available in the SAN list.

    you may refer below URLs..

    Hope this may help you to go forward...


    LVL 12

    Assisted Solution

    As an alternative to purchasing a SAN certificate, you can uuse the exchange management shell to configure the client access server internal urls to match the one on your certificate:

    This KB describes the issue you face:

    This will fix it:

    Also here:
    (This describes the process in Exchange 2007 - it's the same for 2010)
    LVL 2

    Author Closing Comment

    The solution was to install a SAN certificate and use Exchange management shell to configure the internalurl and externalurls to match the names in the certificate.
    LVL 12

    Expert Comment

    Glad you got it fixed.  As a footnote, it can be made to work using a basic SSL certificate, not a SAN cert, but it is a bit of a fudge, and not supported.

    Featured Post

    How to run any project with ease

    Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
    - Combine task lists, docs, spreadsheets, and chat in one
    - View and edit from mobile/offline
    - Cut down on emails

    Join & Write a Comment

    Get an idea of what you should include in an email disclaimer with these Top 5 email disclaimer tips.
    Use these top 10 tips to master the art of email signature design. Create an email signature design that will easily wow recipients, promote your brand and highlight your professionalism.
    This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…
    The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…

    732 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    21 Experts available now in Live!

    Get 1:1 Help Now