Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Exchange 2010 - Outlook 2010 SSL Error - name does not match

Posted on 2014-04-15
2
Medium Priority
?
841 Views
Last Modified: 2014-04-17
We just finished up an exchange 2007 to 2010 migration.  We have a simple basic setup.  1 exchange 2010 - HUB,CAS, & Mailbox.  All users connect with Outlook 2010 on the internal network (either locally or via vpn to local lan).  We do have a public dns name webmail that we port forward 443 externally through our firewall to internal 443 on the exchange for owa & active-sync primarily.  

All internal outlook 2010 users now get a security alert pop-up mentioning that the name on the security cert is invalid or does not match the name of the site.

I did move the SSL cert we used on 2007 to 2010, and its name is for webmail.external.com

The pop-up error makes reference to the internal  exchange2010.internal.local server name (not matching the external name on the ssl cert).

I am curious what is the best option to correct my exchange to get this popup message to go away?  

I was thinking I could ditch my current ssl cert, and get a new SAN cert with webmail.external.com & exchange2010.internal.local.  Would this be correct?

I also saw this artice   http://support.microsoft.com/kb/940726   but have not tried this yet.

In a net shell I still do want everyone to access our exchange locally, and only owa & active-sync externally.

Any advice would be greatly appreciated.

Thanks!

Bob
0
Comment
Question by:BobD1134
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 63

Accepted Solution

by:
Simon Butler (Sembee) earned 2000 total points
ID: 40003725
You cannot get SSL certificates with .local host names on them that expire after November 2015. Therefore I wouldn't go down that path at all.
Instead, setup a split DNS so that the external name resolves internally, then change all of the host names within Exchange to use the external host name internally.

http://semb.ee/hostnames2010

Simon.
0
 

Author Closing Comment

by:BobD1134
ID: 40007021
Thank You!  This is exactly what I needed, and I'm glad I didn't need to get a new SSL SAN cert.

I setup the Split DNS, and followed the reconfig in Exchane 2010 as per the instructions in the link you attached.  

Everything works as it should now, and nor more ssl security pop-ups in outlook anymore.

Thanks Again for helping me resolve this issue!

Bob
0

Featured Post

Office 365 Training for IT Pros

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A list of top three free exchange EDB viewers that helps the user to extract a mailbox from an unmounted .edb file and get a clear preview of all emails & other items with just a single click on mailboxes.
A couple of months ago we ran into an issue that necessitated re-creating our Edge Subscriptions. However, when we attempted to execute the command: New-EdgeSubscription -filename C:\NewEdgeSub_01.xml we received an error indicating that the LDAP se…
In this video we show how to create a mailbox database in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Servers >> Data…
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…

715 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question