getting Mismatched-Address error when renewing local (self-signed) certificate


I am trying to renew (or just set up) a certificate that will work with Exchange for local access. I tried renewing the certificate (using ps: New-ExchangeCertificate) and set binding to the the Default Web Site on to this nenewed certificate. Right after renewing the certificate, it was untrusted and i had to add to 'Trusted Root Certification Authorities'.  When I look at the path, I only see a root certificate (whcih was newnewed-created) and no intermediate certificate. When using this set up I get a mismatched address error (trying to connect to https://<local ip address to server>/owa).  Not sure what I am doing wrong?

I also tried just tried Creating a New Self-Signed Certificate from with in IIS and binding to (this appears to auto-add the new certificate to 'Trusted Root Certification Authorities' and I get the same problem.

Thanks guys and thank you for your service!
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

ImImInAuthor Commented:
A little revised information:
The public address to this server (RapidSSL certificate) is
the interanl domain name is domainx.local

When I create a self-signed certificate and bind it and open in https://<server IP address>/owa, get the mismatched address I NOTICE that the 'Issued to' address is
Seth SimmonsSr. Systems AdministratorCommented:
where are you getting the certificate from?
why are you using the IP address to access OWA instead of the FQDN?
did you use for the certificate name?  that would explain the mismatch
should be using FQDN for your certificate name; not the loopback address

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Seth SimmonsSr. Systems AdministratorCommented:
you posted the second comment right before mine
second question still stands - why are you using the IP address to access OWA?
Acronis True Image 2019 just released!

Create a reliable backup. Make sure you always have dependable copies of your data so you can restore your entire system or individual files.

ImImInAuthor Commented:
self signed certificate (IIS)
OK, I will check if that what they are using (helping someone). But you are right, if I use, I resolve properly!
Seth SimmonsSr. Systems AdministratorCommented:
using self-signed will also cause issues
get a certificate from a 3rd party like GoDaddy, thawte or verisign
ImImInAuthor Commented:
Thanks Seth, it looks like your comment "should be using FQDN for your certificate name; not the loopback address " is correct. I will check on in morning.
ImImInAuthor Commented:
"should be using FQDN for your certificate name; not the loopback address" did the trick, thank you!
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft IIS Web Server

From novice to tech pro — start learning today.