OWA cert error

SBS 2011, Exchange 2010

I have a self assigned cert for my server and a wild card cert for my domain

My server is named x.
When I do https://x I get:
You attempted to reach x, but instead you actually reached a server identifying itself as x.mydomain.local. This may be caused by a misconfiguration on the server or by something more serious. An attacker on your network could be trying to get you to visit a fake (and potentially harmful) version of x.


If I do https://x.mydomain.local I get a 404 error.
HalCHubAsked:

becraigCommented:
What is the name on the certificate?

What is the friendly name configured for the website in IIS?

If you are trying to use the same wildcard certificate for multiple sites you should adjust the friendly name to read *.domain.local etc.

So the quick answers are:

1. You will never get https://x simply because your SSL certificate has a FQDN and is configured to respond to "Anything".domain.local
2. I am not sure what config you have that might cause the second error, but I would look at changing the friendly name of the certificate to *.domain.local, then trying again.

A little more information would really be helpful here though.
0
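An added example (not part of the original thread or any poster's code) illustrating point 1 above: a simplified, RFC 6125-style check of how a browser compares the hostname typed in the URL against the names in a certificate. The hostnames are the placeholders used in this thread, plus one constructed multi-label name; `name_matches`, `cert_covers` and `report` are hypothetical helper names.

```python
# Added example: simplified hostname-vs-certificate-name matching.
# The browser compares exactly what was typed in the URL; it does not append
# a DNS suffix to a short name before checking the certificate.

def name_matches(hostname, pattern):
    """True if `hostname` is covered by a single certificate DNS name."""
    host = hostname.lower().rstrip(".").split(".")
    pat = pattern.lower().rstrip(".").split(".")
    if len(host) != len(pat):
        # "*" stands for exactly one label, never zero and never several
        return False
    if pat[0] == "*":
        # Wildcard is honoured only as the entire left-most label
        return host[0] != "" and host[1:] == pat[1:]
    return host == pat


def cert_covers(hostname, cert_names):
    """True if any name on the certificate covers `hostname`."""
    return any(name_matches(hostname, n) for n in cert_names)


def report(cert_names, hostnames):
    """Map each URL hostname to whether the certificate's names cover it."""
    return {h: cert_covers(h, cert_names) for h in hostnames}


# Constructed sample data, using the thread's placeholder names
INTERNAL_CERT = ["*.mydomain.local"]
URL_HOSTS = [
    "x",                       # short name: no domain labels to match
    "x.mydomain.local",        # one label under the wildcard
    "webmail.mydomain.local",  # one label under the wildcard
    "mail.x.mydomain.local",   # two labels: wildcard does not span them
    "webmail.mydomain.com",    # different domain entirely
]

if __name__ == "__main__":
    for host, ok in report(INTERNAL_CERT, URL_HOSTS).items():
        print(f"{host:26} {'name OK' if ok else 'NAME MISMATCH'}")
```

Name matching is separate from trust: a certificate whose name matches still produces a warning if the client does not trust its issuer.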
Seth SimmonsSr. Systems AdministratorCommented:
Sounds like your cert is configured for a .com or .net (or whatever your external domain is) and your Exchange server advertises itself as .local for your internal domain.
If that's the case, you need to change your Autodiscover and external URL to not use .local.
Might also need to configure split DNS.

Configure Exchange Services for the Autodiscover Service
http://technet.microsoft.com/en-us/library/bb201695%28v=exchg.141%29.aspx

Windows - Setting Up Split DNS
http://www.petenetlive.com/KB/Article/0000830.htm
0
HalCHubAuthor Commented:
OK, let's start with the internal self cert.
It's called mydomainall and is a wildcard cert, as *.mydomain.local

If I want the users to access OWA using webmail.mydomain.local as opposed to x.mydomain.local, I get the cert error.


webmail has a DNS record which points to the same IP as x
0
Seth SimmonsSr. Systems AdministratorCommented:
You should move away from using .local in your URLs, since a year from now you can't use those certs for those kinds of domains (.local or anything else not public).
0
HalCHubAuthor Commented:
Seth,

You're saying I will need to convert my domain from mydomain.local to mydomain.com?
0
HalCHubAuthor Commented:
You attempted to reach webmail.mydomai.com, but the server presented a certificate issued by an entity that is not trusted by your computer's operating system. This may mean that the server has generated its own security credentials, which Chrome cannot rely on for identity information, or an attacker may be trying to intercept your communications.

webmail is a valid DNS record and I have registered a wildcard cert. Is this an issue with my binding?
The entity which issued the cert is GoDaddy.
0
Seth SimmonsSr. Systems AdministratorCommented:
"You're saying I will need to convert my domain from mydomain.local to mydomain.com?"

No.
As I stated in my first post, you change the URLs it advertises as by not using .local.
That way you use the same server names both internally and externally.
The actual server name (mail.company.local) doesn't change, only the URLs that Exchange uses for communication with browsers and clients.
0