bowlerman25
asked on
certificate error when opening outlook, exchange 2010
i just setup exchange 2010 on server 2012 and had to get a new ucc certificate. i have owa working and the phones but when they go into outlook they get 2 errors about mail.***.com not be trusted? i know it has something to do with certificate pointing to outside address on the inside but don't know what to change?
here are 2 pictures, one of the alert and one of the certificate, i cant seem to get rid of them? help?
cmb-cert-error.JPG
cmb-cert-error2.JPG
here are 2 pictures, one of the alert and one of the certificate, i cant seem to get rid of them? help?
cmb-cert-error.JPG
cmb-cert-error2.JPG
ASKER
i dont want a self signed, i paid for a ucc certificate. how do i take this out or get rid of error?
where did you get this certificate from?
the name on the certificate must match the name of the host
if your mail server is mail.foo.com which is what clients connect to, then your certificate should include mail.foo.com and should be from a trusted authority (verisign, go daddy, etc.)
the name on the certificate must match the name of the host
if your mail server is mail.foo.com which is what clients connect to, then your certificate should include mail.foo.com and should be from a trusted authority (verisign, go daddy, etc.)
Hi,
This certificate seems to be issued to 00:13:F7:9C:FE:38 which offcourse does not reflect your exchange inside NOR outside adress.
It should read something like mail.mydomain.org so domain, not mac adress.
This certificate seems to be issued to 00:13:F7:9C:FE:38 which offcourse does not reflect your exchange inside NOR outside adress.
It should read something like mail.mydomain.org so domain, not mac adress.
ASKER
got from godaddy and im pretty sure i verified that the mail.ourdomainname.com is a sub in the certificate. the outlooks connect just to exchange which uses the name of the server. what do i change or check?
Check in ESM if you have assigned the right certificate to the right services.
The certificate you are showing was issued by some cable modem and is valid for 20 years, seems not a godaddy certificate.
The certificate you are showing was issued by some cable modem and is valid for 20 years, seems not a godaddy certificate.
ASKER
the 00:13:F7:9C:FE:38 comes up twice because there are 2 dialog boxes. Ive tried to install them but they just come back when your reopen outlook?
ASKER
in emc under server config, i show 3 cert's. 2 are valid and 1 of the valid are self signed. the 1 that i paid for all 4 protocols and it only shows the domain name and not mail.domain.com. that might be my problem?
For sure. Plus assignment is not right.
ASKER
the one alert is for mail.domain.com and other alert is autodiscover.domain.com. i have to add both these to cert in emc?
Create a new certificate from vendor adding the following domain to resovle your issue.
"mail.domain.com"
"Autodiscover.domain.com"
If you have above mention domain certificate then bind the same certificate in IIS and reset the issue.
To bind the certificate refer below link :
http://www.sslshopper.com/article-installing-an-ssl-certificate-in-windows-server-2008-iis-7.0.html
"mail.domain.com"
"Autodiscover.domain.com"
If you have above mention domain certificate then bind the same certificate in IIS and reset the issue.
To bind the certificate refer below link :
http://www.sslshopper.com/article-installing-an-ssl-certificate-in-windows-server-2008-iis-7.0.html
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
should i delete the existing certificates all 3 or just add a new one? i think its my internal url for autodiscover, is one issue and the other security alert is for the mail.***.com url. i have found lots of documents on iis7 and server 2008 but not much for server 2012. anyone have the changes for the new server? i just dont know how to fix this?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
i changed all the url from http://semb.ee/hostnames. still have 2 certificate errors about mail.***.com and 2nd pop up from autodiscover.***.com when they open outlook from inside organization. they both show this picture for a certificate that doesn't exist. why am i getting these pop ups?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
i did fix it. i had to make new dns primary zones for mydomainname.com and then put an a record for each certificate error pointing to the internal ip address of the server. before when i ping the mail.***.com it was replying with the external ip. that fixed both errors. why is that?
because active directory domain was .local and the mail is .com?
because active directory domain was .local and the mail is .com?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
i also had one more problem with autodiscover.***.com popping up in outlook but i didnt have it listed in the certificate as a SAN. figured that out myself. thanks!
It appears to be a self signed certificate which mean you need to click, 'install certificate' (next next) on all devices.