Getting Mismatched-Address error when renewing local (self-signed) certificate

Hello!

I am trying to renew (or just set up) a certificate that will work with Exchange for local access. I tried renewing the certificate (using ps: New-ExchangeCertificate) and set the binding for the Default Web Site on 127.0.0.1 to this renewed certificate. Right after renewing the certificate, it was untrusted and I had to add it to 'Trusted Root Certification Authorities'. When I look at the path, I only see a root certificate (which was renewed-created) and no intermediate certificate. When using this setup I get a mismatched address error (trying to connect to https://<local ip address to server>/owa). Not sure what I am doing wrong?

I also just tried Creating a New Self-Signed Certificate from within IIS and binding it to 127.0.0.1 (this appears to auto-add the new certificate to 'Trusted Root Certification Authorities') and I get the same problem.

Thanks guys and thank you for your service!
Asked by ImImIn
 
Seth Simmons, Sr. Systems Administrator, Commented:
where are you getting the certificate from?
why are you using the IP address to access OWA instead of the FQDN?
did you use 127.0.0.1 for the certificate name?  that would explain the mismatch
should be using FQDN for your certificate name; not the loopback address
 
ImImIn (Author) Commented:
A little revised information:
The public address to this server (RapidSSL certificate) is mail.domainx.com
the internal domain name is domainx.local

When I create a self-signed certificate, bind it, and open https://<server IP address>/owa, I get the mismatched address error. I NOTICE that the 'Issued to' address is mail.domainx.com????
 
Seth Simmons, Sr. Systems Administrator, Commented:
you posted the second comment right before mine
second question still stands - why are you using the IP address to access OWA?
 
ImImIn (Author) Commented:
self signed certificate (IIS)
OK, I will check if that is what they are using (helping someone). But you are right, if I use https://mail.domainx.com/owa, I resolve properly!
 
Seth Simmons, Sr. Systems Administrator, Commented:
using self-signed will also cause issues
get a certificate from a 3rd party like GoDaddy, Thawte or VeriSign
 
ImImIn (Author) Commented:
Thanks Seth, it looks like your comment "should be using FQDN for your certificate name; not the loopback address" is correct. I will check on it in the morning.
 
ImImIn (Author) Commented:
"should be using FQDN for your certificate name; not the loopback address" did the trick, thank you!
Question has a verified solution.
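
An added example, not part of the thread: the name check behind the mismatch error in this thread, written as a PowerShell function that applies the matching rules browsers use (exact DNS name, wildcard only as the whole left-most label, IP literal only against an IP entry). The function name `Test-CertNameMatch` and the server address 192.0.2.10 are assumptions made for illustration; mail.domainx.com is the 'Issued to' name reported above.

```powershell
# Added example. Certificate names are passed in as plain strings so the check
# runs offline; on a server they come from the certificate bound in IIS.
function Test-CertNameMatch {
    param(
        [Parameter(Mandatory = $true)] [string] $HostName,  # host part of the URL the client uses
        [string[]] $DnsNames    = @(),                      # DNS names on the certificate
        [string[]] $IpAddresses = @()                       # IP address entries on the certificate
    )

    # A URL with an IP literal matches only an IP address entry, never a DNS name.
    $ip = $null
    if ([System.Net.IPAddress]::TryParse($HostName, [ref]$ip)) {
        foreach ($entry in $IpAddresses) {
            $certIp = $null
            if ([System.Net.IPAddress]::TryParse($entry, [ref]$certIp) -and $certIp.Equals($ip)) {
                return $true
            }
        }
        return $false
    }

    $hostLabels = $HostName.TrimEnd('.').ToLowerInvariant().Split('.')
    foreach ($name in $DnsNames) {
        $certLabels = $name.TrimEnd('.').ToLowerInvariant().Split('.')
        if ($certLabels.Count -ne $hostLabels.Count) { continue }
        $match = $true
        for ($i = 0; $i -lt $certLabels.Count; $i++) {
            # '*' is accepted only as the entire left-most label
            $wild = ($i -eq 0 -and $certLabels[$i] -eq '*')
            if (-not $wild -and $certLabels[$i] -ne $hostLabels[$i]) { $match = $false; break }
        }
        if ($match) { return $true }
    }
    return $false
}

# Constructed sample: the certificate is issued to mail.domainx.com only.
# 192.0.2.10 stands in for the server's IP address (placeholder).
$certDnsNames = @('mail.domainx.com')
foreach ($h in 'mail.domainx.com', '127.0.0.1', '192.0.2.10') {
    '{0,-20} match: {1}' -f $h, (Test-CertNameMatch -HostName $h -DnsNames $certDnsNames)
}
```

Trust and name matching are separate checks: adding the certificate to 'Trusted Root Certification Authorities' satisfies the first but has no effect on the second.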