Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Issues with IIS7 exchange certificates

Posted on 2014-02-23
7
Medium Priority
?
292 Views
Last Modified: 2014-03-02
Hello,

I'm having issues creating a self-signed SSL certificate for my exchange server. I've used the following to create a selfssl certificate,

selfssl7.exe /n cn=exchange.sitename.com;cn=remote.sitename.com;cn=autodiscover.sitename.com;cn=mail.sitename.com /V 3650 /i /q /T /x /f sitename.pfx

but for some reason if I browse to the remote.sitename.com is says the site does not match the certificate name, though mail.sitename.com works. Any thoughts?
0
Comment
Question by:SouthernTierGraphics
  • 3
  • 3
6 Comments
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39880768
Why are you using self signed certificates? They are not supported for use with ActiveSync or Outlook Anywhere.
If you ignore the SSL warning, then you can browse to any SSL site with any name on it, as long as the DNS resolves correctly.

Exchange can generate its own SSL certificates using new-exchangecertificate, but personally I would use a trusted certificate, a lot less hassle and supported.

Simon.
0
 

Author Comment

by:SouthernTierGraphics
ID: 39881376
Most of my clients are... "frugal" so we've been using self-signed for them. We get the normal "not trusted" warning, but that's not what I'm having issues with. It's more or less the certificate not matching the site name, even though I'm inputting it into the certificate. And this is causing pop-ups on everyone's outlook, usually a couple times a day.
0
 
LVL 63

Assisted Solution

by:Simon Butler (Sembee)
Simon Butler (Sembee) earned 1500 total points
ID: 39882004
I have been through this conversation with lots of clients.
The maths simply do not add up - you can get a trusted SSL certificate suitable for use with Exchange 2007 and higher for less than $70/year. I don't know what your hourly rate is, but it can usually take more than an hour to get self signed certificates to work correctly, then you have the hassle of getting them on to devices and having to change them if you do anything with the certificate.

As such, a self signed certificate is a false economy.

Simon.
0
Get your Conversational Ransomware Defense e‑book

This e-book gives you an insight into the ransomware threat and reviews the fundamentals of top-notch ransomware preparedness and recovery. To help you protect yourself and your organization. The initial infection may be inevitable, so the best protection is to be fully prepared.

 

Author Comment

by:SouthernTierGraphics
ID: 39882379
Can i get these certificates for multiple sub-domains... like with the issue I'm having?
0
 
LVL 63

Accepted Solution

by:
Simon Butler (Sembee) earned 1500 total points
ID: 39882437
That is what a UC type certificate does.
It allows you to have mail.example.com and Autodiscover.example.com on the same certificate.

I have instructions on the process here: http://semb.ee/ssl

Simon.
0
 

Author Closing Comment

by:SouthernTierGraphics
ID: 39898492
Thanks for the advice,

I ended up sticking with the SelfSSL and limiting the host name used externally with just one address to limit certificate issues. Works fine
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this article, I will demonstrate that how to do a PST migration from Exchange Server to Office 365. This method allows importing one single PST, or multiple PST's at once.
Exchange database can often fail to mount thereby halting the work of all users connected to it. Finding out why database isn’t mounting is crucial and getting the server back online. Stellar Phoenix Mailbox Exchange Recovery is a champion product t…
In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an anti-spam), the admin…
Suggested Courses

580 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question