Link to home
Start Free TrialLog in
Avatar of HalCHub
HalCHubFlag for United States of America

asked on

owa cert error

sbs 2011 exchange 2010

I have a self assigned cert for my server and a wild card cert for my domain

my server is named x
when I do https:/x I get
You attempted to reach x, but instead you actually reached a server identifying itself as x.mydomain.local. This may be caused by a misconfiguration on the server or by something more serious. An attacker on your network could be trying to get you to visit a fake (and potentially harmful) version of x.


If I do https://x.mydomain.local I get  404 error
Avatar of becraig
becraig
Flag of United States of America image

What is the name on the certificate ?

What is the friendly name configured for the website in IIS  ?

If you are trying to use the same wildcard certificate for multiple sites you should adjust the friendly name to read *.domain.local  etc.

So the quick answers are:

1. you will never get https://x   simply because your SSL certificate has a FQDN and is configured to respond to "Anything".domain.local
2. I am not sure the config you have that might cause the second error, but I would look at changing the friendly name of the certificate to *.domain.local then trying again.

A little more information would really be helpful here though.
ASKER CERTIFIED SOLUTION
Avatar of Seth Simmons
Seth Simmons
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of HalCHub

ASKER

ok lets start with the internal self cert
its call mydomainall and is wildcard cert. as *.mydomain.local

if I want the users to access owa using webmail.mydomain.local as opposed to x.mydomain.local I get the cert error


webmail has a dsn record which points to the same ip as x
you should move away from using .local in your URLs since a year from now you can't use those certs for those kinds of domains (.local or anything else not public)
Avatar of HalCHub

ASKER

seth

your saying I will need to convert my domain to mydomain,local to mydomain.com ?
Avatar of HalCHub

ASKER

You attempted to reach webmail.mydomai.com, but the server presented a certificate issued by an entity that is not trusted by your computer's operating system. This may mean that the server has generated its own security credentials, which Chrome cannot rely on for identity information, or an attacker may be trying to intercept your communications.

webmail is a valid dns record and I have registered a wildcards cert.  Is this an issue with my binding ?
The entity which issues the cert is godady.
your saying I will need to convert my domain to mydomain,local to mydomain.com ?

no
as i stated in my first post, you change the URLs it advertises as by not using .local
that way you use the same server names both internally and externally
the actual server name (mail.company.local) doesn't change, only the URLs that exchange uses for communication with browsers and clients