ssl certificate for exchange

i ordered, paid, and installed (followed step by step instructions) a SSL certificate for exchange 2010. When I try to install outlook 2010 - i get an error message saying "the name of the security certificate is invalid or does not match the name of the site."

what should i do? this is the reason i bought the SSL to avoid the annoying pop ups

screen shot attached.
cert.PNG
fstincAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

AnuroopsunddCommented:
If you click on the view certificate is it the right certificate what you configured?
fstincAuthor Commented:
yes.
Kent DyerIT Security Analyst SeniorCommented:
is this a "site-wide" cert?  Or is this specific to a server?  Reading: exchange.fst.lan really sounds like an "internal" behind-the-scenes lan or server name.  However, are you really dealing with a server name cert, or an Exchange server cert?  In other words, if your e-mail address is jdoe@company.com, shouldn't the cert be exchange.company.com and not exchange.fst.lan?  Look at your existing cert and check it's detail either in Internet Explorer on your Exchange server or through the MMC Snapin for certs - most likely the old one is a trusted cert..  You can download it and view it locally or get the details from your server.  I know there used to be the old tool certutil that may help too.  You may need to go back to the vendor have them re-generate the cert for you depending on your findings.

HTH,

Kent
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

fstincAuthor Commented:
yes, exchange.fst.lan is the fqdn of my local server.
Kent DyerIT Security Analyst SeniorCommented:
Is the cert exactly the same as your old one?  Did you switch vendors?

Kent
fstincAuthor Commented:
I had a self assigned which i deleted. Amd imported new
chakkoCommented:
please take a look at this tool to help generate the proper command for a CSR.

When you created your SSL did you put multiple names, or did you only put the exchange.fst.lan name?  in the above page, the extra names would go in the Subject Alternative Names area.

You want an SSL with the multiple names (a UCC/SAN type of SSL certificate) to make things easier for yourself.
fstincAuthor Commented:
yes, i included exchange.fst.lan as part of the ssl cert.

when i setup outlook (internally/externally) the domain is always exchange.fst.lan.  I found that externally outlook/configuration works just fine. But connected to the internal network is when i get that error message - assuming because exchange.fst.lan is the local server so it can't process the SSL?

what's the workaround here?
Rajith EnchiparambilOffice 365 & Exchange ArchitectCommented:
Is the new cert assigned for services, like IIS?

Did you restart Exchange transport service after importing the cert?
millardjkCommented:
What "Subject Alternative Names" are configured for the cert? You only showed us the common name.

Exchange 2007 and 2010 both require certificates for the FQDN, the "public" name (eg, mail.company.com) and the "autodiscover" FQDN (eg, autodiscover.company.com)

When you first start Outlook 2007 or Outlook2010, it validates your settings by contacting the autodiscover URL. You appear to have the DNS configuration correct, because it's getting to the right host, but without the cert for the autodiscover URL, you get the cert error.

You can provide the cert on the URL by using multiple standard certs, or a single "advanced" or "UC" cert that has both the common name and multiple SANs.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange

From novice to tech pro — start learning today.