Solved

Exchange 2010 SP2 - SSL Certificate Problem

Posted on 2012-03-20
7
817 Views
Last Modified: 2012-03-23
We have just completed a migration from Exchange 2003 to Exchange 2010.  The server is an on-premise single server solution with a mix of Outlook 2003 & Outlook 2010 clients.  The server name is exchange.companyname.local and we have installed a GoDaddy SSL certificate in the name of office.companyname.co.uk which is the external name, this is assigned in IIS and currently works with Outlook We App with no problems.  The problem we are experiencing is that on the Outlook 2010 clients an SSL error keeps being displayed saying 'The name on the certificate does not match the server'.  I'm guessing there’s some additional configuration required somewhere since we installed the GoDaddy certificate.  Help would be very much appreciated. Thanks in advance.
0
Comment
Question by:jambomambo
  • 3
  • 2
7 Comments
 
LVL 24

Expert Comment

by:-MAS
ID: 37741688
1.Make sure 'exchange.companyname.local' and 'office.companyname.co.uk' is added in the certificate

2. Enable IIS services for the certificate installed

3. Configure autodiscover in the server. post the output of the below command
    Get-AutodiscoverVirtualDirectory | fl Name,internalurl,externalurl
0
 
LVL 24

Expert Comment

by:-MAS
ID: 37741716
Type 'Get-Exchangecertificate' and get the thumbprint and enable IIS service using the below command

Enable-ExchangeCertificate -Thumbprint 5113ae0233a72fccb75b1d0198628675333d010e -Services IIS
0
 
LVL 76

Accepted Solution

by:
Alan Hardisty earned 500 total points
ID: 37741744
If you bought a single name SSL certificate - you should have bought a SAN / UCC SSL certificate (multi name) and should include the following names in the certificate if you want to lose the errors:

office.companyname.co.uk
autodiscover.companyname.co.uk
exchange.companyname.local
exchange

You should also add an Autodiscover A record in your Domains DNS Records (not internally) and point it to the Public IP Address of your Exchange Server.

If you have all the above names - the errors should go away.
0
What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 
LVL 24

Expert Comment

by:-MAS
ID: 37741857
As suggested by Alanhardisty
please add autodiscover.companyname.co.uk  also
I forgot to mention about autodiscover in my post
0
 

Author Comment

by:jambomambo
ID: 37742728
Thanks very much for your comments guys.  I am just in the process of obtaining another certificate from GoDaddy, it looks like they have a UCC option recommended for Exchange.  Hopefully this will sort it. I will let you know...
0
 
LVL 76

Assisted Solution

by:Alan Hardisty
Alan Hardisty earned 500 total points
ID: 37742741
It should do.  Use the New Certificate Wizard to generate the Request in the Exchange Management console> Server Config> New Certificate Wizard.
0

Featured Post

Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
How to redirect our OWA exchange 2016 address 3 37
Office 365 vs. In-House 4 30
EX2013 - track email 2 5
outlook, MIME 6 6
Follow this checklist to learn more about the 15 things you should never include in an email signature from personal quotes, animated gifs and out-of-date marketing content.
Following basic email etiquette rules will help you write a professional email and achieve a good, lasting impression with your contacts.
This Experts Exchange video Micro Tutorial shows how to tell Microsoft Office that a word is NOT spelled correctly. Microsoft Office has a built-in, main dictionary that is shared by Office apps, including Excel, Outlook, PowerPoint, and Word. When …
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …

706 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now