Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 509
  • Last Modified:

Exchange 2013 Certificate

Dear Team
am doing migration to Exchange 2013 environment including 2 CAS servers & 2 Mailbox servers
am using third party public certificate & i add the name of public record of email like mail.domain.com
when i assign iis service to this certificate error come in outlook side like the attached
the name of Cas Server appear in error
i know now that exchange 2013 using Http to cinnect but how to arrange the certificate to be used internally & externally or can i assign IIS for this certificate in special way
cert-1.jpg
cert.jpg
0
csh2010
Asked:
csh2010
1 Solution
 
Simon Butler (Sembee)ConsultantCommented:
If your SSL certificate is for mail.example.com then setup a split DNS system so that mail.example.com resolves internally to the internal IP address.
Then configure all of the URLs within Exchange to use mail.example.com.
I have an article for Exchange 2010 - the script works on Exchange 2013: http://semb.ee/hostnames

Simon.
0
 
jbvernejCommented:
Your hardcopies are showing two distinct cases (it should be on different machines):
1-  Error1 / Cert-1.jpg   :
it shows that the certificate you assigned to exchange server is not trusted by the client machine : you need to import on this client machine the "Certification Authority" 's Certificate in the Trusted "Certification Authority" folder of your machine certificate's store

2- Error 2/ Cert.jpg
The certificat assigned on the exchange server contains a server name in its "Subject Name" ou SAN attributes.  One of These certificate's names must match the name you used in your outlook to reach the Exchange server (in the Autodiscover's URL or in the Outlook profile). This error says that outlook doesn't use the right FQDN server name to call Exchange server.
0
 
hecgomrecCommented:
You must make sure that you import the certificate into the trusted root certificate store on client computers and devices.

More here: http://technet.microsoft.com/en-us/library/dd351044(v=exchg.150).aspx
0
 
Simon Butler (Sembee)ConsultantCommented:
Or just install a trusted SSL certificate, which is the recommended path.
The self signed SSL certificate installed by Exchange is not supported for use with ActiveSync or Outlook Anywhere. It is designed as a place holder.

Simon.
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now