
Certificate SAN Mismatch

I have a CAS array set up with a NetScaler for load balancing, and the 2 CAS servers (Exchange 2010 RU5) are configured for SSL Offloading. This is still in a testing phase but everything seems to be working well. However, when I run the Best Practices Analyzer I get the error that "The subject alternative name (SAN) of SSL certificate for https://mail.domain.com/Autodiscover....(I get an entry for each virtual directory) does not appear to match the host address. Host address mail.domain.com. Current SAN: DNS Name=*.domain.com, DNS Name=domain.com."
I have added a SAN Cert to the Netscaler.

Since I'm doing SSL Offloading, does this really matter? Am I missing something here?

I've gotten this many times with no issue. The BPA tool looks at the FQDN (exchange.mydomain.com) and compares it to the FQDN on the certificate. They do not match exactly since the certificate has *.mydomain.com. You can safely ignore this, since the * will match as it is a wildcard certificate.
Akhater, Solutions Architect

Julian is perfectly right. It is one of those shortcomings of the ExBPA: it does not understand the * as being a wildcard. Nothing to worry about.
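The difference the answers describe, as an added example that is not part of the original posts: a literal string comparison against the SAN list next to a wildcard-aware match that follows the RFC 6125 rules (`*` only as the whole left-most label, covering exactly one label). The function names are hypothetical, the SAN list is the one quoted in the question, and refusing a wildcard directly under a top-level domain is this example's own conservative choice.

```python
def _labels(name):
    """Lower-case a DNS name, drop any trailing dot, split into labels."""
    return name.lower().rstrip(".").split(".")

def exact_match(host, san_dns_names):
    """Literal comparison: a wildcard entry never equals a concrete host name."""
    return any(_labels(host) == _labels(san) for san in san_dns_names)

def san_entry_covers(host, san):
    """True if a single SAN dNSName entry covers the host name."""
    host_labels, san_labels = _labels(host), _labels(san)
    if len(host_labels) != len(san_labels):
        return False  # '*' stands for exactly one label, never zero or several
    if san_labels[0] == "*":
        # Assumption of this example: reject '*.com'-style entries outright.
        if len(san_labels) < 3 or not host_labels[0]:
            return False
        return host_labels[1:] == san_labels[1:]
    # Partial wildcards such as 'm*.domain.com' fall through and only match literally.
    return host_labels == san_labels

def wildcard_aware_match(host, san_dns_names):
    """True if any SAN entry covers the host name."""
    return any(san_entry_covers(host, san) for san in san_dns_names)

# SAN entries as quoted in the question.
SANS = ["*.domain.com", "domain.com"]

if __name__ == "__main__":
    # Constructed host names used to exercise both checks.
    for host in ["mail.domain.com", "domain.com", "a.mail.domain.com", "mail.other.com"]:
        print(f"{host:20} exact={exact_match(host, SANS)!s:6} "
              f"wildcard_aware={wildcard_aware_match(host, SANS)}")
```

A name two levels below the wildcard, such as the constructed `a.mail.domain.com`, is not covered by `*.domain.com` and would need its own SAN entry.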


Great! Thanks. That's what I thought but I just wanted to confirm.
Thanks a lot.
