exhange 2010 certificate error message on outlook clients
hi everyone I recently had and expired certificate, updated it, and now internal mail clients are seeing "The name on the security certificate is invalid or does not match the name of the site"
The untrusted site on external OWA is now resolved but now clients are seeing that error.
Ive seen a few command line fixes but hesitant to make it worse.
The untrusted site on external OWA is now resolved but now clients are seeing that error.
Ive seen a few command line fixes but hesitant to make it worse.
Was this a new self signed or trusted certificate?
If it was a trusted certificate, it probably did not contain your internal server names.
If it was a self signed certificate - well those are not supported for production use.
You may well have to change the Exchange configuration to use your external host name internally. That is easy to do and doesn't take long.
http://semb.ee/hostnames2010
Simon.
If it was a trusted certificate, it probably did not contain your internal server names.
If it was a self signed certificate - well those are not supported for production use.
You may well have to change the Exchange configuration to use your external host name internally. That is easy to do and doesn't take long.
http://semb.ee/hostnames2010
Simon.
Hope you dont have SAN certificate that why comping or may you got certificate with invalid name.
ASKER
ok so what happened is the previous IT manager had a ton of other "legacy" sites that were in use. For example the host name of the server was being used on the inside, and there was an OWA site on another mail server, etc. I got a cert to cover other sites but not those. So now people on the inside go to the host name instead of the public address and get the cert error. Im wondering if I can point DNS to the correct address instead of re-keying a cert ?
thanks
thanks
You can point the DNS to the correct hosts if you like, but that will not deal with the SSL certificate issue if users are entering https://legacyhostname ...
To cover that you either need to include the additional names in your main certificate or get another certificate to cover those and put them on to another server that simply redirects to the right place.
Use the same host name inside and outside, configure Exchange in that way and encourage users to use the one URL.
You could also simply delete the other host names that are being used so that they don't go anywhere (presuming the server doesn't exist any longer).
Simon.
To cover that you either need to include the additional names in your main certificate or get another certificate to cover those and put them on to another server that simply redirects to the right place.
Use the same host name inside and outside, configure Exchange in that way and encourage users to use the one URL.
You could also simply delete the other host names that are being used so that they don't go anywhere (presuming the server doesn't exist any longer).
Simon.
ASKER
the server exists and host the same site. If youre outside its
https://subdomain.domain.com
if youre inside its
https://servername
so when you go to servername you get the cert error. I was thinking you could DNS forward servername to https://subdomain.domain.com and dodge the alert
Just trying to avoid doing the cert nightmare again, because we have tomcat servers in addition to exchange
https://subdomain.domain.com
if youre inside its
https://servername
so when you go to servername you get the cert error. I was thinking you could DNS forward servername to https://subdomain.domain.com and dodge the alert
Just trying to avoid doing the cert nightmare again, because we have tomcat servers in addition to exchange
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Seems to me that an autodiscover.domain.com or something is not set correctly on the new certificate.
Did you import the new cert in the Exchange Management Console as well?