hmcnasty


exchange 2010 certificate pop up in outlook

Hi. I just installed a 3rd party certificate on an Exchange 2010 server for ActiveSync; now when my clients log in they get a certificate popup. I tried importing the cert into Trusted Root Authorities but they get the warning every time they log back in.
How do I solve this?

Wes
Hendrik Wiese

Did you import the certificate on your primary domain controller, because that seemed to have worked for me in the past. But you have to import it on the local machine using mmc.

Follow my article up until step 7 and come back to this comment: https://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/Windows_Server_2008/A_8398-How-to-Deleting-a-SSL-Certificate-using-MMC.html

8. Now Right click on Personal > All Tasks > Import...
9. Click Next
10. Now Browse to your certificate and click next etc.
11. Give a minute or two and test again.
hmcnasty

ASKER

Hi. Am I doing this on the local PCs/terminal server or the DC?

Wes
Akhater
If you imported the 3rd party correctly then you should NOT have a warning!

What names did you include in the SAN certificate?

What is the EXACT warning? Can you share a screenshot? Is it that it is not trusted or does not match the name?
The certificate was imported properly; in fact it was only imported as an ActiveSync cert
cert-warning.docx
Not even sure what this has to do with a site. There is no site, just an Outlook 2010 client using Exchange 2010 locally.
1. You cannot import a certificate as ActiveSync only; if you assign it for IIS it will affect ActiveSync/OWA and Outlook 2007/2010
2. Your certificate was imported properly
3. The warning is clear: there is no de-es.de.local in the SAN of the certificate. Just rekey the certificate to include this name and it will solve your issue
What do you mean by "rekey"?
once you buy a certificate you should be able to issue as many times as you want as long as you are still in the validity period

1. from exchange create a new CSR to include de-es.de.local along with all other names you have
2. use this CSR to rekey the certificate at your Certificate Authority (if you have problems with that you should contact the support of your CA. I could help with godaddy because I know it well enough)
3. reimport the new certificate and enable it for IIS
Ok. It is from GoDaddy. I was under the impression that I could only have 1 name per certificate
ASKER CERTIFIED SOLUTION
Akhater
This solution is only available to members.
Are you absolutely sure about this? Everyone I spoke with at GoDaddy said I had the right one (not that they are the authority on Exchange). I just want to be sure that this will work.
Yea you can trust me on this one :o)
Ok thanks, I'll get this reissued. BTW, can users be in Outlook while I'm doing this?
I can't remember, when I generate the CSR I can pick the .local as the primary and then add the mail.mydomain.com
yes you can do it while everyone is working no prob

the primary name should be mail.mydomain.com and not the .local

make sure mail.mydomain.com is in bold and then add autodiscover and the .local
ok great.  I'm gonna do the auto discover as well.  is there anything I need to know about that?
Thank you!!!
no basically that's it, if you have any troubles during the process just update this thread
Oh, 1 more thing. Do I just remove the current cert via Exchange or do I do that somewhere else?

Wes
What do you mean by removing the certificate? Do not touch the current certificate for now; once you get the new one and you assign it to IIS you can delete the old one from the Exchange console
oh ok cool thanks
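
The reissue steps discussed in this thread, written as Exchange Management Shell commands. This is an added example, not part of the original posts: the host names are the ones used in the thread, the file paths are hypothetical, and it assumes the CA accepts the internal .local name as the thread describes.

```powershell
# Added example (not from the thread). Run in the Exchange Management Shell
# on the Exchange 2010 server. File paths below are hypothetical placeholders.

# Names the clients connect to, as discussed in the thread.
# The first entry is the primary (subject) name.
$required = 'mail.mydomain.com', 'autodiscover.mydomain.com', 'de-es.de.local'

# 1. Report which required names are missing from the certificate(s) currently
#    enabled for IIS. A missing name is what produces the name-mismatch popup.
#    Exact-match comparison only; wildcard entries are not expanded here.
$current = Get-ExchangeCertificate | Where-Object { "$($_.Services)" -match 'IIS' }
foreach ($cert in $current) {
    $have    = $cert.CertificateDomains | ForEach-Object { "$_".ToLower() }
    $missing = $required | Where-Object { $have -notcontains $_.ToLower() }
    if ($missing) {
        "{0} is missing: {1}" -f $cert.Thumbprint, ($missing -join ', ')
    } else {
        "{0} covers all required names" -f $cert.Thumbprint
    }
}

# 2. Generate a new CSR that carries every name. The private key stays on this
#    server; only the request file is sent to the CA for the rekey.
$csr = New-ExchangeCertificate -GenerateRequest `
    -SubjectName 'cn=mail.mydomain.com' `
    -DomainName $required `
    -PrivateKeyExportable $true
Set-Content -Path 'C:\Temp\rekey.req' -Value $csr

# --- Submit C:\Temp\rekey.req to the CA and wait for the reissued certificate.
# --- Run step 3 only after the CA returns it. The existing certificate keeps
# --- serving clients in the meantime.

# 3. Import the reissued certificate and assign it to IIS
#    (this covers OWA, ActiveSync and Outlook, as noted in the thread).
$bytes = [Byte[]]$(Get-Content -Path 'C:\Temp\reissued.crt' -Encoding Byte -ReadCount 0)
$new   = Import-ExchangeCertificate -FileData $bytes
Enable-ExchangeCertificate -Thumbprint $new.Thumbprint -Services IIS

# 4. Confirm the new certificate lists all names before deleting the old one.
Get-ExchangeCertificate -Thumbprint $new.Thumbprint |
    Format-List Thumbprint, Services, NotAfter, CertificateDomains
```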