ImImIn asked:

getting Mismatched-Address error when renewing local (self-signed) certificate

Hello!

I am trying to renew (or just set up) a certificate that will work with Exchange for local access. I tried renewing the certificate (using ps: New-ExchangeCertificate) and set the binding of the Default Web Site on 127.0.0.1 to this renewed certificate. Right after renewing the certificate, it was untrusted and I had to add it to 'Trusted Root Certification Authorities'. When I look at the path, I only see a root certificate (which was renewed-created) and no intermediate certificate. When using this setup I get a mismatched address error (trying to connect to https://<local ip address to server>/owa). Not sure what I am doing wrong?

I also just tried creating a new self-signed certificate from within IIS and binding it to 127.0.0.1 (this appears to auto-add the new certificate to 'Trusted Root Certification Authorities') and I get the same problem.

Thanks guys and thank you for your service!
ImImIn (ASKER)

A little revised information:
The public address to this server (RapidSSL certificate) is mail.domainx.com
The internal domain name is domainx.local

When I create a self-signed certificate, bind it and open https://<server IP address>/owa, I get the mismatched address. I NOTICE that the 'Issued to' address is mail.domainx.com????
ASKER CERTIFIED SOLUTION
Seth Simmons

[Answer text hidden behind account sign-up]

You posted the second comment right before mine.
Second question still stands - why are you using the IP address to access OWA?
ImImIn (ASKER)

Self-signed certificate (IIS)
OK, I will check if that is what they are using (helping someone). But you are right, if I use https://mail.domainx.com/owa, I resolve properly!
Using self-signed will also cause issues.
Get a certificate from a 3rd party like GoDaddy, Thawte or VeriSign.
ImImIn (ASKER)

Thanks Seth, it looks like your comment "should be using FQDN for your certificate name; not the loopback address" is correct. I will check on it in the morning.
ImImIn (ASKER)

"should be using FQDN for your certificate name; not the loopback address" did the trick, thank you!
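
Added illustration (not part of the thread, and not Exchange or IIS code): a simplified model of the name check a TLS client performs, showing why a certificate issued to mail.domainx.com is reported as mismatched when the URL uses an IP address. The matching rules are a reduced RFC 6125-style sketch; the server IP 10.0.0.5 and the host exch01.domainx.local are made-up sample values.

```python
import ipaddress
from urllib.parse import urlsplit


def dns_name_matches(pattern, host):
    """Case-insensitive dNSName match; '*' is allowed only as the whole left-most label."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = host.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False
    if p_labels[0] == "*":
        # A wildcard covers exactly one label and needs two fixed labels after it.
        return len(p_labels) >= 3 and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def check_url_against_cert(url, dns_names, ip_sans=()):
    """Return (ok, reason) for the host used in the URL versus the certificate's names."""
    host = urlsplit(url).hostname
    if not host:
        return False, "URL has no host"
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None
    if ip is not None:
        # An IP literal is compared only with iPAddress SAN entries, never with DNS names.
        if any(ipaddress.ip_address(s) == ip for s in ip_sans):
            return True, f"{host} matches an iPAddress SAN"
        return False, f"mismatch: {host} is an IP and the certificate lists no such iPAddress"
    for name in dns_names:
        if dns_name_matches(name, host):
            return True, f"{host} matches {name}"
    return False, f"mismatch: {host} is not among {sorted(dns_names)}"


# Constructed input: the 'Issued to' name reported in the thread.
CERT_DNS_NAMES = ["mail.domainx.com"]

if __name__ == "__main__":
    for url in ("https://10.0.0.5/owa",              # made-up server IP
                "https://127.0.0.1/owa",
                "https://exch01.domainx.local/owa",  # hypothetical internal host name
                "https://mail.domainx.com/owa"):
        print(url, "->", check_url_against_cert(url, CERT_DNS_NAMES))
```

Only the last URL passes, which matches what the asker observed; binding the site to 127.0.0.1 does not change the names the certificate carries.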