Outlook 2010: Security Alert

We have recently installed Exchange 2010. Clients using Outlook 2010 are receiving a security alert

Information you exchange with this site cannot be viewed or changed by others. However, there is a problem with the site's security certificate.
TICK The security certificate is from a trusted certifying authority.
TICK The security certificate date is valid
CROSS The name on the certificate is invalid or does not match the name of the site.
Do you want to proceed?

Open in new window


The clients are on the same network as the exchange server.
Outlook works fine whether the user clicks Yes or No.
antoniokingAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Nick RhodeIT DirectorCommented:
You would have to check your certificate and verify your URLs.  For instance if you are using mail.domain.com and autodiscover.domain.com on your cert.  Verify you have those DNS records created and make sure your clients are not resolving to lets say exchange.local etc.

http://blogs.technet.com/b/danielkenyon-smith/archive/2010/05/13/the-name-on-the-certificate-is-invalid-or-does-not-match-the-name-of-the-site-part-2.aspx

http://social.technet.microsoft.com/Forums/exchange/en-US/4badbb83-3d5d-43f3-909c-ad837609d129/the-name-of-the-security-certificate-is-invalid-or-does-not-match-the-name-of-the-site-error
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
dpsully07Commented:
When I had this issue, we needed to upgrade our ssl certificate so we can add our exchange server name which is what the clients would see inside and our external urls. We changed our firm name so we had our old domain forwarding to our new domain, that is why you will see multiple domains (please ignore).

The error would show up because Outlook would see our https://exchangeservername.domain2.net internally but did not match our domain name on our SSL Cert https://mail.domain2.net modifying DNS internally alone did not resolve it. Called godaddy and added all internal and external names and url's. Text from the cert that resolved the issue is below.

New-ExchangeCertificate -generaterequest -keysize 2048 -subjectname "c=US, l=City, s=state, o=My Company LLC, cn=mail.mycompany.com" -domainname exchangeservername.domain2.net, autodiscover.domain2.net, autodiscover.domain1.com, mail.domain2.net, exchangeservername, exchangeservername.domain1.com -PrivateKeyExportable $true -path c:\certrequest.txt
0
antoniokingAuthor Commented:
Thanks for the advice.
Unfortunately we could not add our internal domain name to the SSL as somebody owns a domain with the same name.
As an alternative, I changed the internalURLs to our public URLs
To reduce the latency I setup an internal DNS zone matching the name of our public URL and re-direct the A records to the internal exchange server.
The only draw-back is any changes made to the public DNS of our public URL must be replicated to our internal DNS or users will not be able to view our company's website etc...
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange

From novice to tech pro — start learning today.