Issues with IIS7 exchange certificates

Hello,

I'm having issues creating a self-signed SSL certificate for my exchange server. I've used the following to create a selfssl certificate,

selfssl7.exe /n cn=exchange.sitename.com;cn=remote.sitename.com;cn=autodiscover.sitename.com;cn=mail.sitename.com /V 3650 /i /q /T /x /f sitename.pfx

but for some reason if I browse to the remote.sitename.com is says the site does not match the certificate name, though mail.sitename.com works. Any thoughts?
SouthernTierGraphicsAsked:
Who is Participating?
 
Simon Butler (Sembee)Connect With a Mentor ConsultantCommented:
That is what a UC type certificate does.
It allows you to have mail.example.com and Autodiscover.example.com on the same certificate.

I have instructions on the process here: http://semb.ee/ssl

Simon.
0
 
Simon Butler (Sembee)ConsultantCommented:
Why are you using self signed certificates? They are not supported for use with ActiveSync or Outlook Anywhere.
If you ignore the SSL warning, then you can browse to any SSL site with any name on it, as long as the DNS resolves correctly.

Exchange can generate its own SSL certificates using new-exchangecertificate, but personally I would use a trusted certificate, a lot less hassle and supported.

Simon.
0
 
SouthernTierGraphicsAuthor Commented:
Most of my clients are... "frugal" so we've been using self-signed for them. We get the normal "not trusted" warning, but that's not what I'm having issues with. It's more or less the certificate not matching the site name, even though I'm inputting it into the certificate. And this is causing pop-ups on everyone's outlook, usually a couple times a day.
0
Improved Protection from Phishing Attacks

WatchGuard DNSWatch reduces malware infections by detecting and blocking malicious DNS requests, improving your ability to protect employees from phishing attacks. Learn more about our newest service included in Total Security Suite today!

 
Simon Butler (Sembee)Connect With a Mentor ConsultantCommented:
I have been through this conversation with lots of clients.
The maths simply do not add up - you can get a trusted SSL certificate suitable for use with Exchange 2007 and higher for less than $70/year. I don't know what your hourly rate is, but it can usually take more than an hour to get self signed certificates to work correctly, then you have the hassle of getting them on to devices and having to change them if you do anything with the certificate.

As such, a self signed certificate is a false economy.

Simon.
0
 
SouthernTierGraphicsAuthor Commented:
Can i get these certificates for multiple sub-domains... like with the issue I'm having?
0
 
SouthernTierGraphicsAuthor Commented:
Thanks for the advice,

I ended up sticking with the SelfSSL and limiting the host name used externally with just one address to limit certificate issues. Works fine
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.