Solved

owa cert error

Posted on 2014-09-30
Last Modified: 2014-10-01
sbs 2011 exchange 2010

I have a self assigned cert for my server and a wildcard cert for my domain.

My server is named x.
When I do https://x I get:
You attempted to reach x, but instead you actually reached a server identifying itself as x.mydomain.local. This may be caused by a misconfiguration on the server or by something more serious. An attacker on your network could be trying to get you to visit a fake (and potentially harmful) version of x.


If I do https://x.mydomain.local I get a 404 error.
Question by:HalCHub
 
LVL 29

Expert Comment

by:becraig
ID: 40352600
What is the name on the certificate?

What is the friendly name configured for the website in IIS?

If you are trying to use the same wildcard certificate for multiple sites, you should adjust the friendly name to read *.domain.local etc.

So the quick answers are:

1. You will never get https://x, simply because your SSL certificate has an FQDN and is configured to respond to "Anything".domain.local.
2. I am not sure what config you have that might cause the second error, but I would look at changing the friendly name of the certificate to *.domain.local and then trying again.

A little more information would really be helpful here though.
0
 
LVL 35

Accepted Solution

by:
Seth Simmons earned 2000 total points
ID: 40352794
Sounds like your cert is configured for a .com or .net (or whatever your external domain is) and your Exchange server advertises itself as .local for your internal domain.
If that's the case, you need to change your autodiscover and external URL to not use .local.
Might also need to configure split DNS.

Configure Exchange Services for the Autodiscover Service
http://technet.microsoft.com/en-us/library/bb201695%28v=exchg.141%29.aspx

Windows - Setting Up Split DNS
http://www.petenetlive.com/KB/Article/0000830.htm
0
 
LVL 1

Author Comment

by:HalCHub
ID: 40352865
OK, let's start with the internal self cert.
It's called mydomainall and is a wildcard cert, as *.mydomain.local.

If I want the users to access OWA using webmail.mydomain.local as opposed to x.mydomain.local, I get the cert error.


webmail has a DNS record which points to the same IP as x.
0
 
LVL 35

Expert Comment

by:Seth Simmons
ID: 40352905
You should move away from using .local in your URLs, since a year from now you can't use those certs for those kinds of domains (.local or anything else not public).
0
 
LVL 1

Author Comment

by:HalCHub
ID: 40352946
Seth,

You're saying I will need to convert my domain from mydomain.local to mydomain.com?
0
 
LVL 1

Author Comment

by:HalCHub
ID: 40352958
You attempted to reach webmail.mydomai.com, but the server presented a certificate issued by an entity that is not trusted by your computer's operating system. This may mean that the server has generated its own security credentials, which Chrome cannot rely on for identity information, or an attacker may be trying to intercept your communications.

webmail is a valid DNS record and I have registered a wildcard cert. Is this an issue with my binding?
The entity which issued the cert is GoDaddy.
0
 
LVL 35

Expert Comment

by:Seth Simmons
ID: 40354720
"You're saying I will need to convert my domain from mydomain.local to mydomain.com?"

No.
As I stated in my first post, you change the URLs it advertises as by not using .local.
That way you use the same server names both internally and externally.
The actual server name (mail.company.local) doesn't change, only the URLs that Exchange uses for communication with browsers and clients.
0
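
The URL change described in the answers above, as an added Exchange Management Shell example (not code from the thread or from Microsoft's documentation): it lists the URLs Exchange advertises, flags any whose host name the IIS certificate does not cover, and previews the change with -WhatIf. The host name `webmail.mydomain.com` and the helper `Test-CertName` are assumptions made for illustration.

```powershell
# Run in the Exchange Management Shell on the Exchange 2010 server.
# Assumption: $PublicHost is a name covered by the publicly trusted wildcard cert.
$PublicHost = 'webmail.mydomain.com'

# Hypothetical helper: true when $HostName is covered by one certificate name.
# A wildcard stands for exactly one left-most label, so '*.mydomain.local'
# covers 'webmail.mydomain.local' but never the short name 'x'.
function Test-CertName([string]$HostName, [string]$CertName) {
    $h = $HostName.ToLower(); $c = $CertName.ToLower()
    if ($c.StartsWith('*.')) {
        $i = $h.IndexOf('.')
        return ($i -gt 0) -and ($h.Substring($i) -eq $c.Substring(1))
    }
    return $h -eq $c
}

# Certificate currently enabled for IIS (the one OWA presents to browsers).
$cert  = Get-ExchangeCertificate | Where-Object { $_.Services -match 'IIS' } |
         Select-Object -First 1
$names = $cert.CertificateDomains | ForEach-Object { $_.ToString() }
"IIS certificate: $($cert.Subject)  names: $($names -join ', ')"

# URLs that Exchange hands out to browsers and Outlook clients.
$urls  = @((Get-ClientAccessServer).AutoDiscoverServiceInternalUri)
$urls += Get-OwaVirtualDirectory         | ForEach-Object { $_.InternalUrl; $_.ExternalUrl }
$urls += Get-EcpVirtualDirectory         | ForEach-Object { $_.InternalUrl; $_.ExternalUrl }
$urls += Get-WebServicesVirtualDirectory | ForEach-Object { $_.InternalUrl; $_.ExternalUrl }

# Flag every advertised URL whose host the certificate does not cover.
foreach ($u in $urls | Where-Object { $_ }) {
    $h  = ([Uri]"$u").Host
    $ok = [bool]($names | Where-Object { Test-CertName $h $_ })
    '{0,-8} {1}' -f $(if ($ok) { 'covered' } else { 'MISMATCH' }), $u
}

# Preview re-pointing the advertised URLs at the public name. The server's own
# name does not change. Remove -WhatIf to apply.
Set-ClientAccessServer -Identity $env:COMPUTERNAME `
    -AutoDiscoverServiceInternalUri "https://$PublicHost/Autodiscover/Autodiscover.xml" -WhatIf
Get-OwaVirtualDirectory -Server $env:COMPUTERNAME |
    Set-OwaVirtualDirectory -InternalUrl "https://$PublicHost/owa" `
                            -ExternalUrl "https://$PublicHost/owa" -WhatIf
```

For internal clients the public name must resolve to the server's internal address, which is what the split DNS suggestion in the accepted answer provides.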


Question has a verified solution.
