Solved

Outlook for remote users - Name on security certificate is invalid

Posted on 2013-06-05
5
283 Views
Last Modified: 2013-12-11
Some of our remote users see a security alert pop up when they use Outlook 2007 and connect to our Exchange server over the internet.  Our Exchange 2007 server uses a self-signed certificate and this has been working great for many years.  We just need to import the certificate in IE and that's it.

The certificate information shows it is issued to *.ssldomain.com / Trustwave and I don't know where that comes from.  Our own certificates show up just fine under the Trusted Rood Certification Authorities in IE and everything else works just fine.

We tried to install this problem certificate, shows it installed fine but the message returns the next time Outlook is opened.  Outlook can sync just fine with our Exchange server but the security alert is annoying.  Remote computer is Windows 7 with IE10.
outlook1.jpg
outlook2.jpg
outlook3.jpg
0
Comment
Question by:rwottowa
  • 3
  • 2
5 Comments
 
LVL 38

Accepted Solution

by:
Adam Brown earned 500 total points
ID: 39223736
Check to see what server your autodiscover.magnetics.com DNS record is pointing to. It looks like it's currently pointing to your web hosting server, which is probably being run by SSLDomain.com. If you're using a hosted Exchange solution, you'll want to talk to your hosting provider to get a better certificate assigned.

That said, if you use a self-signed certificate with Exchange, you're going to have some issues with it for a while. Spend a little money getting a valid 3rd Party SSL SAN cert and you'll have fewer headaches to deal with (like making people install the certificate).
0
 

Author Comment

by:rwottowa
ID: 39223807
As far as i know, we don't have anything set up for autodiscover.magnetics.com, only a host record for mailserv.magnetics.com.

Should we have a host record set up for autodiscover as well and point to our Exchange server, same as mailserv?

Either way, I think switching to a third party ssl is a good idea.  Any suggestions for providers are welcome as well.
0
 
LVL 38

Expert Comment

by:Adam Brown
ID: 39223927
Here, I wrote a blog on how Autodiscover works and some tricks you can use to get it working right: http://acbrownit.wordpress.com/2012/12/20/internal-dns-and-exchange-autodiscover/

Autodiscover uses a predictable pattern for finding the right spot for where to look for configuration info. it starts looking at https://domain.com/autodiscover/autodiscover.xml and then moves on to other records. The blog post has more details.
0
 

Author Comment

by:rwottowa
ID: 39227215
I tried with adding autodiscover as a host record on our ISP.  It is seeing mailserv.magnetics.com as the name on the certificate now but still shows up every time Outlook is started.  When it is installed, it shows it was successful but still shows up again the next time.
0
 

Author Closing Comment

by:rwottowa
ID: 39712315
Installing a 3rd party SSL certificate is the best way to go forward.
0

Featured Post

Want to promote your upcoming event?

Attending an event? Speaking at a conference? Or exhibiting at a tradeshow? Easily inform your contacts by using a promotional banner in your email signature. This will ensure your organization’s most important contacts are in the know.

Join & Write a Comment

Easy CSR creation in Exchange 2007,2010 and 2013
Not sure what the best email signature size is? Are you worried about email signature image size? Follow this best practice guide.
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…
how to add IIS SMTP to handle application/Scanner relays into office 365.

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now