Solved

Outlook for remote users - Name on security certificate is invalid

Posted on 2013-06-05
5
286 Views
Last Modified: 2013-12-11
Some of our remote users see a security alert pop up when they use Outlook 2007 and connect to our Exchange server over the internet.  Our Exchange 2007 server uses a self-signed certificate and this has been working great for many years.  We just need to import the certificate in IE and that's it.

The certificate information shows it is issued to *.ssldomain.com / Trustwave and I don't know where that comes from.  Our own certificates show up just fine under the Trusted Rood Certification Authorities in IE and everything else works just fine.

We tried to install this problem certificate, shows it installed fine but the message returns the next time Outlook is opened.  Outlook can sync just fine with our Exchange server but the security alert is annoying.  Remote computer is Windows 7 with IE10.
outlook1.jpg
outlook2.jpg
outlook3.jpg
0
Comment
Question by:rwottowa
  • 3
  • 2
5 Comments
 
LVL 39

Accepted Solution

by:
Adam Brown earned 500 total points
ID: 39223736
Check to see what server your autodiscover.magnetics.com DNS record is pointing to. It looks like it's currently pointing to your web hosting server, which is probably being run by SSLDomain.com. If you're using a hosted Exchange solution, you'll want to talk to your hosting provider to get a better certificate assigned.

That said, if you use a self-signed certificate with Exchange, you're going to have some issues with it for a while. Spend a little money getting a valid 3rd Party SSL SAN cert and you'll have fewer headaches to deal with (like making people install the certificate).
0
 

Author Comment

by:rwottowa
ID: 39223807
As far as i know, we don't have anything set up for autodiscover.magnetics.com, only a host record for mailserv.magnetics.com.

Should we have a host record set up for autodiscover as well and point to our Exchange server, same as mailserv?

Either way, I think switching to a third party ssl is a good idea.  Any suggestions for providers are welcome as well.
0
 
LVL 39

Expert Comment

by:Adam Brown
ID: 39223927
Here, I wrote a blog on how Autodiscover works and some tricks you can use to get it working right: http://acbrownit.wordpress.com/2012/12/20/internal-dns-and-exchange-autodiscover/

Autodiscover uses a predictable pattern for finding the right spot for where to look for configuration info. it starts looking at https://domain.com/autodiscover/autodiscover.xml and then moves on to other records. The blog post has more details.
0
 

Author Comment

by:rwottowa
ID: 39227215
I tried with adding autodiscover as a host record on our ISP.  It is seeing mailserv.magnetics.com as the name on the certificate now but still shows up every time Outlook is started.  When it is installed, it shows it was successful but still shows up again the next time.
0
 

Author Closing Comment

by:rwottowa
ID: 39712315
Installing a 3rd party SSL certificate is the best way to go forward.
0

Featured Post

Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Exchange 2013 POP3 2 32
Replacing Domain Controller 15 31
SBS 2011. One user has no X400 email address 4 32
Email forwading to another account 6 19
Scam emails are a huge burden for many businesses. Spotting one is not always easy. Follow our tips to identify if an email you receive is a scam.
This article lists the top 5 free OST to PST Converter Tools. These tools save a lot of time for users when they want to convert OST to PST after their exchange server is no longer available or some other critical issue with exchange server or impor…
To show how to create a transport rule in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Rules tab.:  To cr…
This video discusses moving either the default database or any database to a new volume.

810 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question