Link to home
Start Free TrialLog in
Avatar of doctor069
doctor069Flag for Canada

asked on

Exchange 2013 - Certificate Error

Hi - I have a 2013 exchange server with a different external name then the internal name. I bought a certificate with both names on it.

When I try to access internally I get a certificate error "the name on the security certificate is invalid or does not match the name of the site"

It was working fine before and I played around with some power shell commands now cant get it working again... :(

Does anyone have ideas on how to troubleshoot the issue?
Avatar of becraig
Flag of United States of America image

Link to home
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
I would just go through the settings to make the changes for the SSL certificate.
As already stated, the best practise is now considered to be that both the internal and external URLs are the same, with the external URL being used via a split DNS system.
It could be that you have enabled the wrong certificate or the wrong web site. I have seen HTTPS get bound to the backend site (which uses a self signed certificate) in the past, so you should check that. Check through EMS and get-exchangecertificate that your trusted certificate is still bound to IIS.

As stated your internal and external URL's for your virtual directories should be the same. Did you renew this certificate and re-import it into the CAS server? If you did then you will also need to use the Enable-ExchangeCertificate -Thumbprint xxxxxxxx -services "pop,imap,smtp,iis" command to ensure that you are using this cert for Exchange. This command also needs to be run on all of your CAS servers that hold the cert.

Also a good test is, on the client that is getting the error message, Open Outlook, chold ctrl+right click the Outlook icon in the system tray and select , Test Email Auto Configuration run the Autodiscover test and check the Results Tab to ensure that the virtual directories are correct.