Link to home
Start Free TrialLog in
Avatar of PramoIT
PramoITFlag for Netherlands

asked on

Certificate error outlook 2013 with exchange 2010

Hi,

We keep getting certificate erros in outlook 2013. We have an exchange 2010 server. We have a certificate for the server for external use. That is exchange.domain.nl the server internal name is he1.domein.local

Outlook 2013 is used on a terminal server.

When using outlook, it keeps giving the warning that the name on the certifcate doesnt match the name of the server he1.domain.local

How can i get rid of this warning?

All help is welcome, thanks.
Avatar of jerseysam
jerseysam
Flag of United Kingdom of Great Britain and Northern Ireland image

You may need to create a new CSR and then request a new SSL Certificate using the correct FQDN
Avatar of PramoIT

ASKER

But what about the users who externally connect to the exchange server. Then they will get an error, right?
Hi, did you use an external 3rd party Certificate Authority? if yes you need to generate a new CSR then request a new SSL certificate from the 3rd party CA with the correct FQDN  exchange.domain.nl.
Avatar of PramoIT

ASKER

Hi,

I already have an external 3d party certificate for the exchange.domain.nl name. That works fine. The problem is that the internal outlook 2013 clients on the terminal server keep warning about the fact that the internal name he1.domain.local doesn't match the name in the certificate exchange.domain.nl
Avatar of PramoIT

ASKER

Hi,

Is it possible to let exchange 2010 use multiple certificates?

OR

Is it possible to let the internal outlook clients connect via the external name exchange.domain.nl

Thanks.
You can try this from www.cohesivelogic.com for a single name SSL certificate or else add a internal FQDN to existing certificate OR create a new CSR.

http://www.cohesivelogic.com/2011/01/exchange-2010-single-name-ssl-certificates/
ASKER CERTIFIED SOLUTION
Avatar of jerseysam
jerseysam
Flag of United Kingdom of Great Britain and Northern Ireland image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Hi, you can also configure your email client to use autodiscover that will point to your public exchange server.
You cannot get a certificate with your internal name on it.

Therefore a new certificate isn't going to help. There is no need to get a new certificate.
You just need to configure the internal DNS to use the external name everywhere.

http://semb.ee/hostnames

Simon.
Agree with Sembee2, this is an internal DNS issue. You need an implicit zone for the public record pointing to the internal IP.

HTH
Gary
Avatar of PramoIT

ASKER

Hi,

I've purchased a multidomain certificate and now all works fine.