outlook certificate error and autodiscover.domain.com

On our Exchange 2010 server we have an SSL certificate for Outlook Anywhere and OWA. This works well but since we have installed the certificate Domain connected users get a certificate error when they open outlook, they just accept and can work normally.
Looking at the certificate name it is for https://domain.com.
There are several articles on the web: Microsoft 940726 and a blog by Elan Shudnow which describe this exact error.
It seems that the certificate needs to have autodiscover.domain.com added as an SNA, would this be added to my Exchange certificate or does my domain hosting company have to add it to there certificate?
PHBSupportAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Rajitha ChimmaniCommented:
You need to have autodicover.domain.com added to the Exchange certificate.
0
tshearonCommented:
If you don't currently have it you will need a new one from your provider.
0
PHBSupportAuthor Commented:
At the moment the certificate is for remote.domain.com
I've reconfigured Exchange to use FQDN as per MS id 940726
I've added autodiscover.domain.com as a SAN to the Exchange certificate

When ever a domain connected user opens Outlook they get a certificate error, it's going to the https certificate of our web site. The hosting company say there nothing they can do as they use a wild card so cant add individual entry's to it

In the "old days" we just put the domain.local in the certificate but that has now been stopped.
0
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

Gareth GudgerCommented:
There are one of two things you can do.

Either create an autodiscover SRV record at your external DNS provider. That was you can just do a standard SSL. No SAN needed.

The alternative is to an SAN cert.

Check out my article here. I think it will help.
http://supertekboy.com/2014/05/27/designing-a-simple-name-space-for-exchange-2010/
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
PHBSupportAuthor Commented:
Gareth I had implemented everything in your article except the split brain DNS. Once I had added the entry no more cert errors

Many thanks

And thanks for the other contributions
0
Gareth GudgerCommented:
Awesome!
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Server Software

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.