New 3rd Party SSL Certificate Stops OWA and Activesync working


I have recently been asked to change the existing self-signed SSL Certificate on a server for a 3rd party Certificate for compliance reasons.

I have new certificates from

The existing certificate is for "" issued by ""

My new one is for "" issued by Network Solutions DV Server.

I have installed the 2 other certificates (AddTrustExternalCARoot) and (NetworkSolutionsDVserverCA) to the Intermediate Certification Authorities Certificates using MMC and Certificates. As well as placing the "" certificate into Personal.

However, as soon as I replace my existing self-signed certificate (which all works) with the new NetworkSolutions Certificate, OWA and ActiveSync stop working.

What am I missing? Help

OriNetworks Commented:
Was the self-signed cert also for or simply mailservername? You may need to install any trusted roots that are not currently on your clients.
What SANs have you included in the certificate?

What services have you attached to the certificate?

once you have changed it over you can use
to check for errors
jerseysam (Author) Commented:
I only included our ""

How do I attach services etc.?

Shall I post the  log?

jerseysam (Author) Commented:
Yes self-signed was exactly same (

How do I install trusted roots on clients and iPhones etc.?
it depends on how you have your external service configured

is OWA and Active Sync pointed at the same url i.e. or
to attach services...

follow the last bit - if you assign IIS then that will cover OWA and Active Sync

if you post the log then it might be easier to see where any possible problems are
jerseysam (Author) Commented:
Exchange 2003 and IIS v 6.0 so don't seem to have assign services
Ahh sorry, my fault, had assumed 2007 or 2010.

You will probably need to do something in IIS, let me have a check, it's been a while since I played with 2003.
jerseysam (Author) Commented:

Think I need to create a new CSR request or something?

Seems that OWA works internally on server. iPhones do not work. OWA not working externally.
jerseysam (Author) Commented:
I think the issue is that when I created my CSR then I may not have chosen the correct info.

In Exchange my DNS says "" but my FQDN is "servername.mydomain.local"

What info should I use in my CSR? The self-generated certificate that works with iPhones is "servername.mydomain.local"

Chris Commented:
for your certificate it should contain

external server fqdn i.e.

as you are attaching this to your IIS service on exchange for owa you either need to include at least the following as well

netbios name
jerseysam (Author) Commented:
Yes, I thought internalserver.mydomain.local is what I need, as this works correctly if I use a self-signed and generated SSL certificate.

Will need to create a new CSR and ask the 3rd party to issue a new certificate (if they will for a .local).
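
Added example (not part of the original thread): a pre-flight check of the name problem discussed above, comparing the names clients are configured with against the SAN entries on a certificate before the binding is swapped. The name `mail.example.com` is a constructed placeholder for the external name the thread elides, and the helper function names are hypothetical; `servername.mydomain.local` is the thread's own example.

```python
# Added example. Inputs are constructed: "mail.example.com" stands in for the
# external name elided in the thread.

def san_matches(pattern, host):
    """RFC 6125-style match: case-insensitive; '*' is honoured only as the
    entire left-most label and stands for exactly one label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) >= 3 and bool(h[0]) and p[1:] == h[1:]
    return p == h


def is_internal_name(host):
    """Single-label (NetBIOS-style) and .local names are internal names; the
    CA/Browser Forum Baseline Requirements bar publicly trusted CAs from
    issuing certificates for them."""
    labels = host.lower().rstrip(".").split(".")
    return len(labels) == 1 or labels[-1] == "local"


def audit(san_dns_names, client_names):
    """For each name a client connects to: the SAN entry that covers it
    (None means a name-mismatch error) and whether it is an internal name."""
    report = {}
    for name in client_names:
        covered_by = next((s for s in san_dns_names if san_matches(s, name)), None)
        report[name] = {"covered_by": covered_by, "internal": is_internal_name(name)}
    return report


def uncovered(san_dns_names, client_names):
    """Names that will fail validation against this certificate."""
    return [n for n, r in audit(san_dns_names, client_names).items()
            if r["covered_by"] is None]


# Constructed inputs: names OWA/ActiveSync clients may be set up with, and the
# single name on the newly issued certificate.
CLIENT_NAMES = ["mail.example.com", "servername.mydomain.local", "servername"]
ISSUED_SANS = ["mail.example.com"]

if __name__ == "__main__":
    for name, r in audit(ISSUED_SANS, CLIENT_NAMES).items():
        note = " (internal name)" if r["internal"] else ""
        print(f"{name:28} {r['covered_by'] or 'NOT COVERED'}{note}")
```

Any name reported as not covered has to be either added to the certificate or removed from client configuration, for example by pointing devices at the covered external name.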
Question has a verified solution.