• Status: Solved

Self signed certificate with Exchange

Hi,

Just installed Exchange 2010 from SBS 2011. The installation went without any problem. But the issue right now is that each time a user logs into MS Outlook, a pop-up screen shows up, acknowledging the 'certificate' isn't trusted.

So you install the certificate into its default location, close MS Outlook, and again the pop-up screen appears about the certificate.

It appears this certificate was self-signed when Exchange was initially installed. But if it's a domain certificate, why does it keep popping up every time MS Outlook is opened?

Is there a way to turn this thing off (e.g., using the GP Management console to install it to the computers)? Would that work?

Heaps of thanks.
Asked:
mcse2007
 
Alan Hardisty commented:
The self-signed certificate can be made to work with Exchange, but the hassle and number of settings you need to tweak to make it work without any complaints all round just isn't worth it IMHO.

I would recommend you purchase a Go-Daddy SSL for about $180 (for 3 years) which needs to be a SAN / UCC SSL cert - max 5 names and you should include the following names in the cert:

remote.yourexternaldomain.com (or whatever you have chosen)
autodiscover.yourexternaldomain.com
internalservername.internaldomainname.local
internalservername
sites

Once this is installed - all error messages should disappear.
 
mcse2007 (Author) commented:
Thanks Alanhardisty... I gather 5 certificates need to be purchased as per the above?
 
Alan Hardisty commented:
Only one certificate - multiple names included in the certificate (Subject Alternative Name / Unified Communications Certificate).
 
mcse2007 (Author) commented:
Are these the links that you are mostly referring to:

SAN
http://www.godaddy.com/domains/searchresults2.aspx?ci=16811


UCC
http://www.godaddy.com/domains/searchresults2.aspx?ci=42376

Is it during the purchasing/registration of the certificate that you can nominate your 5 max names?
 
Alan Hardisty commented:
Try this:

http://www.godaddy.com/ssl/ssl-certificates.aspx?ci=9039

Standard SSL - Multiple Domains UCC - Up To 5 Domains - Select the number of years you want (I usually go for 3 minimum).

These are $89.99 / year but my reseller site is $59.99 / year :)  Look at my profile for details if you are interested.
 
mcse2007 (Author) commented:
Sorry, a few more questions:
When you buy the Standard SSL - Multiple Domains UCC, is installing it just like installing a typical SSL certificate, no different?
Also, what will happen to the self-signed certificate that is pre-installed?
Why would those annoying pop-up screens from MS Outlook go away? Can't the self-signed certificate address the issue?
 
Alan Hardisty commented:
When you buy the Standard SSL - Multiple Domains UCC, is installing it just like installing a typical SSL certificate, no different?  Yep - exactly the same process.  Buy SSL cert, create CSR, request cert, approve certificate, download certificate, import certificate, assign services to certificate.

Also, what will happen to the self-signed certificate that is pre-installed?  It will still be installed, just not used.

Why would those annoying pop-up screens from MS Outlook go away? Can't the self-signed certificate address the issue?  The popups appear because of an incorrect name (lack of the correct name) in the self-issued certificate.  Having a SAN cert with the right names in will make the error disappear.
 
mcse2007 (Author) commented:
B     R     I     L     L     I     A     N     T !!!!

Thank you so much sir.
 
Alan Hardisty commented:
:) - Glad it is working and the errors have gone away.

Alan
 
mcse2007 (Author) commented:
Hi Alanhardisty

A friend of mine asked me, would it be possible to purchase your registered SAN like:

*.domain.com

Rather than the following:

mail.domain.com
citrix.domain.com
www.domain.com
shop.domain.com
register.domain.com

Heaps of thanks
 
Alan Hardisty commented:
Wildcard certs are more expensive but you can buy one if you want, but you need the names I mentioned in my first post which a Wildcard cert won't cover.
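
The name-coverage point made in the answers above (one SAN/UCC certificate listing every name clients use, versus a wildcard), as an added example that is not part of the original thread. The matching function applies the usual one-label wildcard rule, and the SAN lists are constructed from the placeholder names in the first answer.

```python
# Added example: which names that clients connect to are covered by a
# certificate's Subject Alternative Name (SAN) list. All names below are the
# placeholders from the thread; the SAN lists are constructed for illustration.

def san_matches(pattern: str, host: str) -> bool:
    """Match one SAN DNS entry against a hostname, case-insensitively.

    A '*' is honoured only as the entire left-most label and stands for
    exactly one label: '*.domain.com' matches 'mail.domain.com' but not
    'domain.com', 'a.b.domain.com', or a single-label name.
    """
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # Reject over-broad patterns such as '*.com'.
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def uncovered(san_list, required):
    """Return the required names that no SAN entry covers (name-mismatch prompts)."""
    return [n for n in required if not any(san_matches(s, n) for s in san_list)]


# Names from the first answer that the certificate should include.
REQUIRED = [
    "remote.yourexternaldomain.com",
    "autodiscover.yourexternaldomain.com",
    "internalservername.internaldomainname.local",
    "internalservername",
    "sites",
]

UCC_SANS = list(REQUIRED)                      # constructed: one cert, five names
WILDCARD_SANS = ["*.yourexternaldomain.com"]   # constructed: wildcard only

if __name__ == "__main__":
    for label, sans in [("UCC/SAN", UCC_SANS), ("wildcard", WILDCARD_SANS)]:
        missing = uncovered(sans, REQUIRED)
        print(f"{label}: {'all names covered' if not missing else 'missing ' + ', '.join(missing)}")
```
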