Solved

Exchange 2013 Certificate

Posted on 2013-11-12
5
501 Views
Last Modified: 2013-12-10
Dear Team
am doing migration to Exchange 2013 environment including 2 CAS servers & 2 Mailbox servers
am using third party public certificate & i add the name of public record of email like mail.domain.com
when i assign iis service to this certificate error come in outlook side like the attached
the name of Cas Server appear in error
i know now that exchange 2013 using Http to cinnect but how to arrange the certificate to be used internally & externally or can i assign IIS for this certificate in special way
cert-1.jpg
cert.jpg
0
Comment
Question by:csh2010
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 16

Accepted Solution

by:
Shaik M. Sajid earned 500 total points
ID: 39643783
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39644603
If your SSL certificate is for mail.example.com then setup a split DNS system so that mail.example.com resolves internally to the internal IP address.
Then configure all of the URLs within Exchange to use mail.example.com.
I have an article for Exchange 2010 - the script works on Exchange 2013: http://semb.ee/hostnames

Simon.
0
 
LVL 8

Expert Comment

by:jbvernej
ID: 39644605
Your hardcopies are showing two distinct cases (it should be on different machines):
1-  Error1 / Cert-1.jpg   :
it shows that the certificate you assigned to exchange server is not trusted by the client machine : you need to import on this client machine the "Certification Authority" 's Certificate in the Trusted "Certification Authority" folder of your machine certificate's store

2- Error 2/ Cert.jpg
The certificat assigned on the exchange server contains a server name in its "Subject Name" ou SAN attributes.  One of These certificate's names must match the name you used in your outlook to reach the Exchange server (in the Autodiscover's URL or in the Outlook profile). This error says that outlook doesn't use the right FQDN server name to call Exchange server.
0
 
LVL 11

Expert Comment

by:hecgomrec
ID: 39644983
You must make sure that you import the certificate into the trusted root certificate store on client computers and devices.

More here: http://technet.microsoft.com/en-us/library/dd351044(v=exchg.150).aspx
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39645131
Or just install a trusted SSL certificate, which is the recommended path.
The self signed SSL certificate installed by Exchange is not supported for use with ActiveSync or Outlook Anywhere. It is designed as a place holder.

Simon.
0

Featured Post

Three Reasons Why Backup is Strategic

Backup is strategic to your business because your data is strategic to your business. Without backup, your business will fail. This white paper explains why it is vital for you to design and immediately execute a backup strategy to protect 100 percent of your data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

How to resolve IMCEAEX NDRs in Exchange or Exchange Online related to invalid X500 addresses.
After hours on line I found a solution which pointed to the inherited Active Directory permissions . You have to give/allow permissions to the "Exchange trusted subsystem" for the user in the Active Directory...
This tutorial will walk an individual through the process of installing the necessary services and then configuring a Windows Server 2012 system as an iSCSI target. To install the necessary roles, go to Server Manager, and select Add Roles and Featu…
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…

635 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question