Solved

exhange 2010 certificate error message on outlook clients

Posted on 2014-03-26
7
191 Views
Last Modified: 2014-07-02
hi everyone I recently had and expired certificate, updated it, and now internal mail clients are seeing "The name on the security certificate is invalid or does not match the name of the site"

 The untrusted site on external OWA is now resolved but now clients are seeing that error.

Ive seen a few command line fixes but hesitant to make it worse.
0
Comment
Question by:WAMSINC
7 Comments
 
LVL 3

Expert Comment

by:Winsoup
ID: 39957029
Are the "Subject Alternative Names" all the same as the last certificate?
Seems to me that an autodiscover.domain.com or something is not set correctly on the new certificate.

Did you import the new cert in the Exchange Management Console as well?
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 39957649
Was this a new self signed or trusted certificate?
If it was a trusted certificate, it probably did not contain your internal server names.
If it was a self signed certificate - well those are not supported for production use.

You may well have to change the Exchange configuration to use your external host name internally. That is easy to do and doesn't take long.

http://semb.ee/hostnames2010

Simon.
0
 
LVL 12

Expert Comment

by:Md. Mojahid
ID: 39958424
Hope you dont have SAN certificate that why comping or may you got certificate with invalid name.
0
Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 

Author Comment

by:WAMSINC
ID: 39999839
ok so what happened is the previous IT manager had a ton of other "legacy" sites that were in use. For example the host name of the server was being used on the inside, and there was an OWA site on another mail server, etc. I got a cert to cover other sites but not those. So now people on the inside go to the host name instead of the public address and get the cert error. Im wondering if I can point DNS to the correct address instead of re-keying a cert ?
thanks
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 40000253
You can point the DNS to the correct hosts if you like, but that will not deal with the SSL certificate issue if users are entering https://legacyhostname ...

To cover that you either need to include the additional names in your main certificate or get another certificate to cover those and put them on to another server that simply redirects to the right place.

Use the same host name inside and outside, configure Exchange in that way and encourage users to use the one URL.

You could also simply delete the other host names that are being used so that they don't go anywhere (presuming the server doesn't exist any longer).

Simon.
0
 

Author Comment

by:WAMSINC
ID: 40000519
the server exists and host the same site. If youre outside its
https://subdomain.domain.com
if youre inside its
https://servername
so when you go to servername you get the cert error. I was thinking you could DNS forward servername to https://subdomain.domain.com and dodge the alert

Just trying to avoid doing the cert nightmare again, because we have tomcat servers in addition to exchange
0
 
LVL 63

Accepted Solution

by:
Simon Butler (Sembee) earned 500 total points
ID: 40001339
You are talking about a split DNS system.
That is easy to do, something I do as standard.

http://semb.ee/splitdns

You will need to change the internal URLs within Exchange to use the external host name as well. Then tell all users to use just the external URL everywhere.

http://semb.ee/hostnames2010

Simon.
0

Featured Post

Want to promote your upcoming event?

Are you going to an event? Are you going to be exhibiting at a tradeshow? Talking at a conference? Using a promotional banner in your email signature ensures that your organization’s most important contacts stay in the know and can potentially spread the word about the event.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

You may have a outside contractor who comes in once a week or seasonal to do some work in your office but you only want to give him access to the programs and files he needs and keep privet all other documents and programs, can you do this on a loca…
Most of the applications these days are on Cloud. Cloud is ubiquitous with many service providers in the market. Since it has many benefits such as cost reduction, software updates, remote access, disaster recovery and much more.
In this video we show how to create a Resource Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: Navigate to the Recipients >> Resources tab.: "Recipients" is our default selection …
This video demonstrates how to sync Microsoft Exchange Public Folders with smartphones using CodeTwo Exchange Sync and Exchange ActiveSync. To learn more about CodeTwo Exchange Sync and download the free trial, go to: http://www.codetwo.com/excha…

867 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now