Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Reassigned/Reissued SSL now getting error in Outlook

Posted on 2013-12-27
8
Medium Priority
?
523 Views
Last Modified: 2014-02-06
Hello,

I had to reassign/reissue the SSL in Exchange 2010.  Now Outlook is getting the error:

Information you exchange with this site cannot be viewed or changed by others.  However, there is a problem with the site's security certificate.

The security certificate is from a trusted certifying authority.

The security certificate date is valid.

The name on the security certificate is invalid or does not match the name of this site.

I have done view certificate and install, but it keeps popping up when I re-open Outlook.

Any advice is greatly appreciated.

Have a great day,

Don
0
Comment
Question by:GEMCC
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
8 Comments
 
LVL 10

Expert Comment

by:George Khairallah
ID: 39743178
I had an issue similar to this a couple days ago... and I initially looked through this article (https://social.technet.microsoft.com/wiki/contents/articles/13916.how-to-use-a-self-signed-certificate-in-exchange-2010.aspx) to figure out the solution.  (granted this was through a Self-Signed CA)....)

And in doing this and following the exact instructions in the article, I got the exact message you were getting.

I'm not sure if you create the CSR from the Exchange interface or from the Certificates MMC, but for Exchange, you will need: Digital Signature, Key Encipherment, and Server Authentication, and it needs to be 2048 bit and an Exchange Key (as opposed to Signature)  -- Here's a screencast that shows how to create the CSR correctly:  http://www.netometer.com/video/misc/SAN-request/ (not needed if you're using the Exchange console to create it though .. but is good for reference anyway)

When you download the cert, try to download it as a WebCertificate, and DER encoded instead of Base 64. (the article above states Base 64, but what worked for me was getting the DER Encoded. Give that a shot and see if it works for you.
0
 

Author Comment

by:GEMCC
ID: 39743180
Hi and thanks for your response,

I received the cert from GoDaddy using a CSR.  This issue is only occurring on systems that has been using Outlook/Exchange prior to the reassign/reissue.  If I make a new connection from a new PC, I do not get the error.

Please advise.

Have a great day,

Don
0
 
LVL 12

Expert Comment

by:SreRaj
ID: 39743431
Hi,

This error could occur if the host name used for connections is not added as a Subject Alternate Name in the certificate. For example, if you organization is using the host name webmail.companyname.com for accessing Outlook Web App and this name is not added to the certificate as a SAN then this error can get triggered. Please check if there has been any changes of host names used for connection and if it is not updated in the certificate.

Please refer the following articles for more information.

http://autodiscover.wordpress.com/2010/07/03/exchange-server-what-are-the-names-required-for-my-certificate/

http://exchangeserverpro.com/configure-an-ssl-certificate-for-exchange-server-2010/
0
Looking for the Wi-Fi vendor that's right for you?

We know how difficult it can be to evaluate Wi-Fi vendors, so we created this helpful Wi-Fi Buyer's Guide to help you find the Wi-Fi vendor that's right for your business! Download the guide and get started on our checklist today!

 
LVL 63

Accepted Solution

by:
Simon Butler (Sembee) earned 2000 total points
ID: 39743699
Pretty standard error.
You probably don't have one of the URLs in the certificate that Exchange wants to use. If it is coming up immediately then it is probably the Autodiscover URL.

get-clientaccessserver | select identity, autodiscoverserviceinternaluri

If your previous SSL certificate had the server's real name on it, then it has probably been removed by the SSL provider because they are no longer allowed. That can cause you problems.

You will need to setup a split DNS and then use the external name internally.

http://semb.ee/hostnames

Simon.
0
 

Author Comment

by:GEMCC
ID: 39837920
The issue is that when I reissued the SSL, I did not include .local SANS because GoDaddy says they are not longer supported.
0
 

Author Comment

by:GEMCC
ID: 39838375
I've requested that this question be closed as follows:

Accepted answer: 0 points for GEMCC's comment #a39837920

for the following reason:

Issue resolved
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39838376
I am objecting to the question being closed in the manner requested.

In my last post I stated:

"If your previous SSL certificate had the server's real name on it, then it has probably been removed by the SSL provider because they are no longer allowed."

That is the reason that is being asked for the question to be closed.
0
 

Author Closing Comment

by:GEMCC
ID: 39838566
Because he wants the points.
0

Featured Post

New feature and membership benefit!

New feature! Upgrade and increase expert visibility of your issues with Priority Questions.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Outlook for dependable use in a very small business   This article is about using the Outlook application (part of Microsoft Office) in a very small business, or for homeowners where dependability and reliability are critical requirements. This …
By default Outlook 2016 displays only one time zone in the Calendar. The following article explains how to display two time zones in one calendar view.
To show how to create a transport rule in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Rules tab.:  To cr…
CodeTwo Sync for iCloud (http://www.codetwo.com/sync-for-icloud?sts=6554) automatically synchronizes your Outlook 2016, 2013, 2010 or 2007 folders with iCloud folders available via iCloud Control Panel. This lets you automatically sync them with…
Suggested Courses

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question