Solved

Exchange 2010 Outlook Certificate Warnings

Posted on 2014-04-01
Last Modified: 2014-04-02
I just installed Exchange 2010 in my organization. My internal domain is different than the Exchange domain. I purchased an SSL certificate for my public domain and my Outlook 2010 keeps coming up with a certificate mismatch warning. I cannot purchase an SSL certificate for my internal domain name because, just by chance, someone else owns that. How would I go about stopping these mismatch warnings?

Thanks
Question by:bidgadget
7 Comments
 
LVL 4

Accepted Solution

by:
Pancake_Effect earned 2000 total points
ID: 39969307
Can you create a free self-signed certificate for internal use? This is normal and proper practice for internal resources for the most part. Using your internal self-signed certificate will eliminate this error on any computer on your domain that accesses your local certificate store. (In other words, just any computer that is connected to the domain.)

Below is a great guide I used in the past:

http://social.technet.microsoft.com/wiki/contents/articles/13916.how-to-use-a-self-signed-certificate-in-exchange-2010.aspx


Hope that gets you going =]
0
 

Author Comment

by:bidgadget
ID: 39969339
Thank you.   Will there be any issues for the users on the outside?  Also how do I make it that the internal users see the internal cert and outside users see the external?
0
 
LVL 4

Expert Comment

by:Pancake_Effect
ID: 39969414
The outside SSL certificate points to your public IP address. The purchased certificate is hosted by the public third-party entity, whereas the local self-signed certificate will be hosted locally on your server and points only to your local IP address.

So from the outside if you type in website.com the certificate translates that to x.x.x.x (your public IP)

From the inside, you will have to make an entry on your DNS server to state website.com...but instead you will translate it to use x.x.x.x (your local server's IP)

So that's how it makes the distinction of what certificate to use, it's actually using different IP addresses (local vs public).
0

Author Comment

by:bidgadget
ID: 39969538
OK. I followed. Now I am getting a different popup. I am getting the warning that the certificate is from a company that I have not chosen to trust. Is there any way to stop that?
0
 

Author Comment

by:bidgadget
ID: 39969570
Also sorry to be a pain.  Now the outside items are giving me a certificate error for the internal certificate.  Is there any way to stop that?
0
 
LVL 11

Expert Comment

by:hecgomrec
ID: 39972223
As explained to you by "Pancake_Effect" on the link (guide) he suggested, you will have to copy/import the self-signed certificate on every single machine you have in your organization... hope you don't have a couple of hundred!!!

The other way around is to use only 1 SSL certificate for everything. What you will have to do is rename your internal links to match the external, or have a wildcard on the SSL certificate.

The simplest way is to have the same name outside and inside the organization and create the proper DNS record in your organization to point to your internal server.

Now, because this was not done from the beginning, you will still get some errors for some names you can't change with the EMC.

When you set up Exchange Server it creates a default self-signed certificate for internal use, and the common name on it is usually the machinename.domainname. When you installed the new certificate you did it with your external (internet-facing) name, which is normal, but now you need to replace the fully qualified domain name (FQDN) of the URL that is stored in the following objects:

The Service Connection Point for the Autodiscover
The InternalUrl of Exchange Web Service (EWS)
The InternalUrl of the OAB Web service


Here is what worked for me: http://support.microsoft.com/kb/940726 

Let me know!!!
0
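Added example (not part of the answer above or of the linked KB article): an Exchange Management Shell audit of the three objects the answer lists, comparing each URL's host name with the names on the certificate assigned to IIS. `CAS01` and `mail.example.com` are placeholders, and the commented `Set-*` lines at the end show one way to repoint a mismatched entry.

```powershell
# Added example: run in the Exchange Management Shell (Exchange 2010, PowerShell 2.0).
# Read-only audit; nothing changes unless the Set-* lines at the end are uncommented.

# Names on the unexpired certificate currently assigned to IIS
$cert = Get-ExchangeCertificate |
    Where-Object { "$($_.Services)" -match 'IIS' -and $_.NotAfter -gt (Get-Date) } |
    Sort-Object NotAfter -Descending | Select-Object -First 1
if (-not $cert) { throw 'No unexpired certificate is assigned to IIS.' }
$certNames = @($cert.CertificateDomains | ForEach-Object { $_.ToString() })

function Test-NameOnCert([string]$HostName, [string[]]$Names) {
    foreach ($n in $Names) {
        if ($n -eq $HostName) { return $true }          # -eq is case-insensitive
        if ($n.StartsWith('*.')) {
            # A wildcard entry covers exactly one left-most label
            $suffix = $n.Substring(1)
            if ($HostName.EndsWith($suffix, [StringComparison]::OrdinalIgnoreCase) -and
                $HostName.Substring(0, $HostName.Length - $suffix.Length) -match '^[^.]+$') {
                return $true
            }
        }
    }
    return $false
}

# The three objects named in the answer above
$urls = @(
    Get-ClientAccessServer | ForEach-Object {
        New-Object PSObject -Property @{ Object = "Autodiscover SCP ($($_.Name))"; Url = $_.AutoDiscoverServiceInternalUri } }
    Get-WebServicesVirtualDirectory | ForEach-Object {
        New-Object PSObject -Property @{ Object = "EWS ($($_.Server))"; Url = $_.InternalUrl } }
    Get-OabVirtualDirectory | ForEach-Object {
        New-Object PSObject -Property @{ Object = "OAB ($($_.Server))"; Url = $_.InternalUrl } }
)

# Any row with OnCertificate = False will trigger a name-mismatch prompt in Outlook
$urls | Select-Object Object, Url, @{ Name = 'OnCertificate'; Expression = {
        $h = if ($_.Url) { ([Uri]"$($_.Url)").Host }
        [bool]($h -and (Test-NameOnCert $h $certNames)) } } |
    Format-Table -AutoSize

# To repoint a mismatched entry (CAS01 and mail.example.com are placeholders):
# Set-ClientAccessServer -Identity CAS01 -AutoDiscoverServiceInternalUri https://mail.example.com/Autodiscover/Autodiscover.xml
# Set-WebServicesVirtualDirectory -Identity 'CAS01\EWS (Default Web Site)' -InternalUrl https://mail.example.com/EWS/Exchange.asmx
# Set-OabVirtualDirectory -Identity 'CAS01\OAB (Default Web Site)' -InternalUrl https://mail.example.com/OAB
```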
 
LVL 4

Expert Comment

by:Pancake_Effect
ID: 39972275
@hecgomrec

Shouldn't the certificate store automatically push/pull the self-signed certificate into all the local machines? Shouldn't have to manually do it unless I'm mistaken. It's been a long time, but I think that's what I did for our webmail service.

Internally I just made a DNS entry called mail.example.com, and associated a self-signed certificate with it and the local IP. Which all the domain computers pull from the certificate store, and fixed the errors.

Externally I used GoDaddy to host mail.example.com, which I then pointed to the public address which fixed those issues.


Again it's been a long time, but I thought that was the general steps I did. Please correct me if I'm wrong, it's always nice to have a refresher course haha.
0
