Avatar of doctor069
Flag for Canada asked on

Exchange 2013 - Certificate Error

Hi - I have a 2013 exchange server with a different external name then the internal name. I bought a certificate with both names on it.

When I try to access internally I get a certificate error "the name on the security certificate is invalid or does not match the name of the site"

It was working fine before and I played around with some power shell commands now cant get it working again... :(

Does anyone have ideas on how to troubleshoot the issue?

Avatar of undefined
Last Comment
Will Szymkowski

8/22/2022 - Mon

View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
Ask your own question & get feedback from real experts
Find out why thousands trust the EE community with their toughest problems.
Simon Butler (Sembee)

I would just go through the settings to make the changes for the SSL certificate.
As already stated, the best practise is now considered to be that both the internal and external URLs are the same, with the external URL being used via a split DNS system.
It could be that you have enabled the wrong certificate or the wrong web site. I have seen HTTPS get bound to the backend site (which uses a self signed certificate) in the past, so you should check that. Check through EMS and get-exchangecertificate that your trusted certificate is still bound to IIS.

Will Szymkowski

As stated your internal and external URL's for your virtual directories should be the same. Did you renew this certificate and re-import it into the CAS server? If you did then you will also need to use the Enable-ExchangeCertificate -Thumbprint xxxxxxxx -services "pop,imap,smtp,iis" command to ensure that you are using this cert for Exchange. This command also needs to be run on all of your CAS servers that hold the cert.

Also a good test is, on the client that is getting the error message, Open Outlook, chold ctrl+right click the Outlook icon in the system tray and select , Test Email Auto Configuration run the Autodiscover test and check the Results Tab to ensure that the virtual directories are correct.

Your help has saved me hundreds of hours of internet surfing.