certificate error on outlook

We recently upgraded to exchange 2010 from 2003.  I setup a basic SSL cert instead of a UCC.   I setup the cert to use mail.domain.com.  Externally everything is working fine and no issues with cert.  Internally on outlook 2007, 2010 and 2013 clients I am getting a "nonvalid certificate error".   I tried installing the cert as a trusted CA, but that doesn't work.

I also changed the autodiscover url to mail.domain.com from server.domain.com, but no change with the certificate error.  

Thanks.
tiptechsAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Rajitha ChimmaniCommented:
When you get the prompt for certificate error in Outlook it would also show tick or cross mark against each of the 3 certificate validations. Can you provide the exact parameter in certificate that is invalid?
0
tiptechsAuthor Commented:
When viewing the certificate path there is a Red in the picture for USER TRUST, SSL site, mail.domain.com.   It says "This certificate has a nonvalid digital signature".

Thanks.
0
tiptechsAuthor Commented:
Under the general tab it says "The integrity of this certificate cannot be guaranteed.  The certificate may be corrupted or may have been altered."
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

VB ITSSpecialist ConsultantCommented:
Type this in the Exchange Management Shell and paste the result:

Get-ClientAccessServer -Identity <CAS2010> | Select AutoDiscoverServiceInternalUri

You may need to adjust this to point to server.domain.com - ensure internal DNS resolves this record to your new 2010 CAS server also.
0
tiptechsAuthor Commented:
this originaly pointed to server.domain.com and was getting the same error.  I thought this was the issue since the names didn't match.    I changed it to point to the mail.domain.com, but got the same error.  I do have an internal dns record for mail.domain.com pointing to the 2010 server.

the result of the command is below

AutoDiscoverServiceInternalUri
---------------------------------------------
https://mail.domain.com/Autodiscover/Autodiscover.xml
0
VB ITSSpecialist ConsultantCommented:
What happens when you click on that AutoDiscover.xml link? Does the browser throw up the same error regarding the certificate?
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
tiptechsAuthor Commented:
I get page can't be displayed for the internal url.     I also tried OWA internally and that didn't work.

DNS resolves to the correct IP.  I also tried the IP in the url and got page can't be displayed.   OWA and the Autodiscover url are working externally.
0
tiptechsAuthor Commented:
I tested owa and the xml page from the mail server and it works fine there.
0
tiptechsAuthor Commented:
I can pull up http://mail.domain.com from an internal pc and get the "access denied" page, but soon as you put in https it says that it can't find the web page
0
tiptechsAuthor Commented:
From the dc I was able to access the owa and autodiscover internally.  From 3 or 4 internal PCs I was not.
0
tiptechsAuthor Commented:
It looks as though, the internal issue is related older versions of IE.  On newer versions we have no problems accessing OWA or the Autodiscover url.

I tested outlook from a pc that had no issues accessing these urls and it appears to be working now.
0
Rajitha ChimmaniCommented:
So..the issue was not with certificates but the IE version on client PC?
0
tiptechsAuthor Commented:
On the pc I was mostly testing from, I ran quite a few windows updates and now appears to be working.  Thanks for the help Rajitha14.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange

From novice to tech pro — start learning today.