Justin H
asked on
sbs 2011 remote.xyz.com ssl certificate keeps popping up as invalid on clients
We have a migration that was completed from sbs 2003 to 2011 this weekend. In order to keep things completely seamless, we wanted to use the same dns for external access as mail.xyz.com instead of the standard remote.xyz.com
We imported a valid SSL from godaddy and its working and validates when you use mail.yxz.com to access.
I have checked all the settings in the exchange management console to point to mail. instead of remote. but still the clients are poping up certificate errors because they are not valid on all 3 points. When i view the cert its trying to use the mail.cert but its using the remote. URL.
Anyways, i think i need to remove the remote. certs because one of them is assigned to SMTP but it will not let me in the EMC. Any ideas on how to get this working?
We imported a valid SSL from godaddy and its working and validates when you use mail.yxz.com to access.
I have checked all the settings in the exchange management console to point to mail. instead of remote. but still the clients are poping up certificate errors because they are not valid on all 3 points. When i view the cert its trying to use the mail.cert but its using the remote. URL.
Anyways, i think i need to remove the remote. certs because one of them is assigned to SMTP but it will not let me in the EMC. Any ideas on how to get this working?
In EMC make sure that the External URL is pointing to Mail ... also make sure that the Cert is imported in IIS.
- Rancy
- Rancy
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
I agree with RobWill :) - please try if there is any issues we can surely jump to assist you.
- Rancy
- Rancy
If you still face the issue after running Configure your internet address wizard, then run test-outlookwebservices | fl command in Exchange poweshell and check if it errors anywhere. If it does then provde the complete output here.
"Configure your internet address" wizard in the SBS console
Will basically provide you the following details from your SBS console.
=> autodiscover.domain.com
=> mail.domain.com
=> CAS Server
=> CAS FQDN
You'll simply need the above URL on your cert to have your folks go error free. However, in order to simplify the process - the process id defined above AND mentioned in earlier post.
Regards,
Exchange_Geek
Will basically provide you the following details from your SBS console.
=> autodiscover.domain.com
=> mail.domain.com
=> CAS Server
=> CAS FQDN
You'll simply need the above URL on your cert to have your folks go error free. However, in order to simplify the process - the process id defined above AND mentioned in earlier post.
Regards,
Exchange_Geek
ASKER
When I run the reconfigure your internet address it will remove the SSL that I have imported via godaddy and assign its own self signed. Will I still be able to then re-import the godaddy, or do i need to rekey and reissue it?
Please refer the below link about third party certificate.
(http://www.msexchange.org/articles_tutorials/exchange-server-2007/mobility-client-access/securing-exchange-2007-client-access-server-3rd-party-san-certificate.html)
(http://www.msexchange.org/articles_tutorials/exchange-server-2007/mobility-client-access/securing-exchange-2007-client-access-server-3rd-party-san-certificate.html)
You'll need to re-issue the cert against a new key. I think GoDaddy doesn't charge for re-issuing certs.
Regards,
Exchange_Geek
Regards,
Exchange_Geek
@Sushil84: The link doesn't talk about SBS, which is what is being talked about.
Regards,
Exchange_Geek
Regards,
Exchange_Geek
I am not certain you will need to re-key.
Running the wizard will create a new self-signed certificate but I don't believe it will replace the 3rd party cert. Without changing the prefix you can safely run the wizard at any time with no repercussions, I have done so often. To the best of my knowledge changing the prefix and running the wizard will not have any ill effects either, though I have not had the need to try that. Of course the new prefix and certificate must match but in your case you they will.
Normally installing the 3rd party certificate the 'SBS way' (see link) adds a certificate, and does not replace the existing cert. You might have to re-associate the 3rd party cert with the appropriate sites.
http://blog.lan-tech.ca/2012/05/17/sbs-2008-2011-adding-an-ssl-certificate/
Running the wizard will create a new self-signed certificate but I don't believe it will replace the 3rd party cert. Without changing the prefix you can safely run the wizard at any time with no repercussions, I have done so often. To the best of my knowledge changing the prefix and running the wizard will not have any ill effects either, though I have not had the need to try that. Of course the new prefix and certificate must match but in your case you they will.
Normally installing the 3rd party certificate the 'SBS way' (see link) adds a certificate, and does not replace the existing cert. You might have to re-associate the 3rd party cert with the appropriate sites.
http://blog.lan-tech.ca/2012/05/17/sbs-2008-2011-adding-an-ssl-certificate/
@Exchange_Geek : On SBS also it will be work.
SBS works differently, natively Microsoft has provided it wizards that help it configure - one should stick to what is provided and not mess around.
To what you have provided is industry standard for E2007 boxes - but understand this is SBS
Read the details provided by MS about the wizard.
http://technet.microsoft.com/en-us/library/cc546055(v=ws.10).aspx
http://technet.microsoft.com/en-us/library/cc546059.aspx
Regards,
Exchange_Geek
To what you have provided is industry standard for E2007 boxes - but understand this is SBS
Read the details provided by MS about the wizard.
http://technet.microsoft.com/en-us/library/cc546055(v=ws.10).aspx
http://technet.microsoft.com/en-us/library/cc546059.aspx
Regards,
Exchange_Geek
Remove-ExchangeCertificate
Refer link : (http://technet.microsoft.com/en-us/library/aa997569(v=exchg.80).aspx)