• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 446
  • Last Modified:

Exchange 2010 Certificate

Should I remove the Microsoft certificate for exchange I have a 3rd party certificate in place. I am getting an error name on certificate is invalid. I believe the certificate may be causing other problems with active sync.
0
jatkins-ccn
Asked:
jatkins-ccn
  • 6
  • 5
1 Solution
 
Alan HardistyCommented:
No - don't remove the self-issued certificate.

What names are included in your SSL certificate?
0
 
jatkins-ccnAuthor Commented:
These are the name in my certificate


mail.domain.com
WWW.mail.domain.com
autodiscover.domain.com
domain.com
0
 
Alan HardistyCommented:
Okay - what is your internal domain name?
0
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

 
jatkins-ccnAuthor Commented:
CCN.local is the internal domain
0
 
Alan HardistyCommented:
The names you should include in your SSL certificate are:

mail.domain.com
autodiscover.domain.com
server.CCN.local
server

With those names included - you shouldn't get any certificate errors popping up.

Best bet it to re-key your SSL certificate.
0
 
jatkins-ccnAuthor Commented:
OK, when I run the wizard for creating a new exchange certificate, I get confused weather I should use a wild card certificate or not. On the exchange certificate page should where should I add server? It is not clear to me.
0
 
Alan HardistyCommented:
Don't use a WildCard certificate.

On the Wizard - tick all the relevant boxes you want to use and fill in the appropriate names you plan on using e.g., mail.domain.com for OWA on the Internet / Activesync  and autodiscover.domain.com under the autodiscover section and server.internaldomain.local on the OWA on the Intranet.

I usually add the server under the legacy section.

Then make sure the next page shows all the names I suggested and that the primary name you want to use e.g., mail.domain.com is in Bold and then complete the Wizard.
0
 
jatkins-ccnAuthor Commented:
Thank You I will give it a try and let you know how it went.
0
 
jatkins-ccnAuthor Commented:
Thanks for the help. In getting my certificate, I found out after November 1, 2015 my Certificate provider does not allow internal domain names in the certificate. We had bought a 5 year certificate. So we went back to a 3 year certificate and  everything is working. I'm not sure how we will handle this in 3 years. If you have any ideas?
0
 
jatkins-ccnAuthor Commented:
Thanks for all the help.
0
 
Alan HardistyCommented:
Split Brain DNS is the answer for the future apparently!
0

Featured Post

Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

  • 6
  • 5
Tackle projects and never again get stuck behind a technical roadblock.
Join Now