Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

ssl certificate for exchange

Posted on 2012-04-12
10
Medium Priority
?
424 Views
Last Modified: 2012-08-13
i ordered, paid, and installed (followed step by step instructions) a SSL certificate for exchange 2010. When I try to install outlook 2010 - i get an error message saying "the name of the security certificate is invalid or does not match the name of the site."

what should i do? this is the reason i bought the SSL to avoid the annoying pop ups

screen shot attached.
cert.PNG
0
Comment
Question by:fstinc
10 Comments
 
LVL 17

Expert Comment

by:Anuroopsundd
ID: 37840845
If you click on the view certificate is it the right certificate what you configured?
0
 

Author Comment

by:fstinc
ID: 37840853
yes.
0
 
LVL 17

Expert Comment

by:Kent Dyer
ID: 37840855
is this a "site-wide" cert?  Or is this specific to a server?  Reading: exchange.fst.lan really sounds like an "internal" behind-the-scenes lan or server name.  However, are you really dealing with a server name cert, or an Exchange server cert?  In other words, if your e-mail address is jdoe@company.com, shouldn't the cert be exchange.company.com and not exchange.fst.lan?  Look at your existing cert and check it's detail either in Internet Explorer on your Exchange server or through the MMC Snapin for certs - most likely the old one is a trusted cert..  You can download it and view it locally or get the details from your server.  I know there used to be the old tool certutil that may help too.  You may need to go back to the vendor have them re-generate the cert for you depending on your findings.

HTH,

Kent
0
NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

 

Author Comment

by:fstinc
ID: 37840864
yes, exchange.fst.lan is the fqdn of my local server.
0
 
LVL 17

Expert Comment

by:Kent Dyer
ID: 37840901
Is the cert exactly the same as your old one?  Did you switch vendors?

Kent
0
 

Author Comment

by:fstinc
ID: 37840903
I had a self assigned which i deleted. Amd imported new
0
 
LVL 22

Expert Comment

by:chakko
ID: 37841209
please take a look at this tool to help generate the proper command for a CSR.

When you created your SSL did you put multiple names, or did you only put the exchange.fst.lan name?  in the above page, the extra names would go in the Subject Alternative Names area.

You want an SSL with the multiple names (a UCC/SAN type of SSL certificate) to make things easier for yourself.
0
 

Author Comment

by:fstinc
ID: 37841217
yes, i included exchange.fst.lan as part of the ssl cert.

when i setup outlook (internally/externally) the domain is always exchange.fst.lan.  I found that externally outlook/configuration works just fine. But connected to the internal network is when i get that error message - assuming because exchange.fst.lan is the local server so it can't process the SSL?

what's the workaround here?
0
 
LVL 24

Expert Comment

by:Rajith Enchiparambil
ID: 37841982
Is the new cert assigned for services, like IIS?

Did you restart Exchange transport service after importing the cert?
0
 
LVL 10

Accepted Solution

by:
millardjk earned 2000 total points
ID: 37842171
What "Subject Alternative Names" are configured for the cert? You only showed us the common name.

Exchange 2007 and 2010 both require certificates for the FQDN, the "public" name (eg, mail.company.com) and the "autodiscover" FQDN (eg, autodiscover.company.com)

When you first start Outlook 2007 or Outlook2010, it validates your settings by contacting the autodiscover URL. You appear to have the DNS configuration correct, because it's getting to the right host, but without the cert for the autodiscover URL, you get the cert error.

You can provide the cert on the URL by using multiple standard certs, or a single "advanced" or "UC" cert that has both the common name and multiple SANs.
0

Featured Post

Get your Conversational Ransomware Defense e‑book

This e-book gives you an insight into the ransomware threat and reviews the fundamentals of top-notch ransomware preparedness and recovery. To help you protect yourself and your organization. The initial infection may be inevitable, so the best protection is to be fully prepared.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Are you an Exchange administrator employed with an organization? And, have you encountered a corrupt Exchange database due to which you are not able to open its EDB file. This article will explain all the steps to repair corrupt Exchange database.
If you have come across a situation where you need to find some EDB mailbox recovery techniques, then here you will find the same. In this article, we will take you through three techniques using which you will be able to perform EDB recovery. You …
In this video we show how to create a Resource Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: Navigate to the Recipients >> Resources tab.: "Recipients" is our default selection …
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…
Suggested Courses

886 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question