[Last Call] Learn how to a build a cloud-first strategyRegister Now

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 951
  • Last Modified:

Certificate security warning in Outlook after migrating from SBS 2003 to SBS 2011


We have a internal domain called "company.local" and a public domain called "company.com".  The public domain is managed by an ISP and is managing MX records pointing to our public IP address for the SMTP server.
After migrating from SBS 2003 to SBS 2011 we get Certificate Security warnings when Outlook is started. The presented certificate seems to be a trusted certificate published for the public domain name. We have tries installing the certificate but the security warning keep coming back.

During SBS 2011 migration we used the "Configure the Internet address" wizard to configure the domain name. We then entered the public domain "company.com". Is this correct or should we have used the "company.local" instead?

We are able to receive/send email and everything seems to work fine except the certificate security warnings popping up in Oulook.

We have not yet installed a SSL certificate from VeriSign/DigiCert on the SBS 2011 server.

How can we get rid of the certificate security warnings? Do we have to reconfigure the Internet Address from the public domain name to the internal domain name?

  • 2
2 Solutions
Praveen BalanSolution ArchitectCommented:

It looks like you have not imported the required Sub Alt Name(SAN) for the new exchange 2010 internal URLs.

The client connectivity is little different in Exchange 2010 from Exchange 2003. When Outlook connects(2003 Sp2 and above) to the exchange it uses auto-discover, cas server, and many different URLs .. All these FQDN should be available in the SAN list.

you may refer below URLs..



Hope this may help you to go forward...


As an alternative to purchasing a SAN certificate, you can uuse the exchange management shell to configure the client access server internal urls to match the one on your certificate:

This KB describes the issue you face: http://support.microsoft.com/kb/940726

This will fix it: http://msunified.net/2010/05/07/script-for-configuring-exchange-2010-internal-and-external-urls/

Also here: http://www.microsoftnow.com/2008/04/certficate-name-mismatch-in-outlook.html
(This describes the process in Exchange 2007 - it's the same for 2010)
it_proffenAuthor Commented:
The solution was to install a SAN certificate and use Exchange management shell to configure the internalurl and externalurls to match the names in the certificate.
Glad you got it fixed.  As a footnote, it can be made to work using a basic SSL certificate, not a SAN cert, but it is a bit of a fudge, and not supported.

Featured Post

What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now