Solved

Outlook for remote users - Name on security certificate is invalid

Posted on 2013-06-05
5
291 Views
Last Modified: 2013-12-11
Some of our remote users see a security alert pop up when they use Outlook 2007 and connect to our Exchange server over the internet.  Our Exchange 2007 server uses a self-signed certificate and this has been working great for many years.  We just need to import the certificate in IE and that's it.

The certificate information shows it is issued to *.ssldomain.com / Trustwave and I don't know where that comes from.  Our own certificates show up just fine under the Trusted Rood Certification Authorities in IE and everything else works just fine.

We tried to install this problem certificate, shows it installed fine but the message returns the next time Outlook is opened.  Outlook can sync just fine with our Exchange server but the security alert is annoying.  Remote computer is Windows 7 with IE10.
outlook1.jpg
outlook2.jpg
outlook3.jpg
0
Comment
Question by:rwottowa
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 40

Accepted Solution

by:
Adam Brown earned 500 total points
ID: 39223736
Check to see what server your autodiscover.magnetics.com DNS record is pointing to. It looks like it's currently pointing to your web hosting server, which is probably being run by SSLDomain.com. If you're using a hosted Exchange solution, you'll want to talk to your hosting provider to get a better certificate assigned.

That said, if you use a self-signed certificate with Exchange, you're going to have some issues with it for a while. Spend a little money getting a valid 3rd Party SSL SAN cert and you'll have fewer headaches to deal with (like making people install the certificate).
0
 

Author Comment

by:rwottowa
ID: 39223807
As far as i know, we don't have anything set up for autodiscover.magnetics.com, only a host record for mailserv.magnetics.com.

Should we have a host record set up for autodiscover as well and point to our Exchange server, same as mailserv?

Either way, I think switching to a third party ssl is a good idea.  Any suggestions for providers are welcome as well.
0
 
LVL 40

Expert Comment

by:Adam Brown
ID: 39223927
Here, I wrote a blog on how Autodiscover works and some tricks you can use to get it working right: http://acbrownit.wordpress.com/2012/12/20/internal-dns-and-exchange-autodiscover/

Autodiscover uses a predictable pattern for finding the right spot for where to look for configuration info. it starts looking at https://domain.com/autodiscover/autodiscover.xml and then moves on to other records. The blog post has more details.
0
 

Author Comment

by:rwottowa
ID: 39227215
I tried with adding autodiscover as a host record on our ISP.  It is seeing mailserv.magnetics.com as the name on the certificate now but still shows up every time Outlook is started.  When it is installed, it shows it was successful but still shows up again the next time.
0
 

Author Closing Comment

by:rwottowa
ID: 39712315
Installing a 3rd party SSL certificate is the best way to go forward.
0

Featured Post

Office 365 Training for Admins - 7 Day Trial

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Read this checklist to learn more about the 15 things you should never include in an email signature.
This article describes how to import an Outlook PST file to Office 365 using a third party product to avoid Microsoft's Azure command line tool, saving you time.
In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…

751 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question