ImImIn

getting Mismatched-Address error when renewing local (self-signed) certificate

Hello!

I am trying to renew (or just set up) a certificate that will work with Exchange for local access. I tried renewing the certificate (using ps: New-ExchangeCertificate) and set the binding of the Default Web Site on 127.0.0.1 to this renewed certificate. Right after renewing the certificate, it was untrusted and I had to add it to 'Trusted Root Certification Authorities'. When I look at the path, I only see a root certificate (which was renewed-created) and no intermediate certificate. When using this setup I get a mismatched address error (trying to connect to https://<local ip address to server>/owa). Not sure what I am doing wrong?

I also just tried Creating a New Self-Signed Certificate from within IIS and binding it to 127.0.0.1 (this appears to auto-add the new certificate to 'Trusted Root Certification Authorities') and I get the same problem.

Thanks guys and thank you for your service!
Microsoft IIS Web Server, SBS, Exchange


8/22/2022 - Mon
ImImIn

ASKER
A little revised information:
The public address to this server (RapidSSL certificate) is mail.domainx.com
The internal domain name is domainx.local

When I create a self-signed certificate, bind it, and open it in https://<server IP address>/owa, I get the mismatched address. I NOTICE that the 'Issued to' address is mail.domainx.com????
ASKER CERTIFIED SOLUTION
Seth Simmons

Seth Simmons

you posted the second comment right before mine
second question still stands - why are you using the IP address to access OWA?
ImImIn

ASKER
self signed certificate (IIS)
OK, I will check if that is what they are using (helping someone). But you are right, if I use https://mail.domainx.com/owa, I resolve properly!
Seth Simmons

using self-signed will also cause issues
get a certificate from a 3rd party like GoDaddy, thawte or verisign
ImImIn

ASKER
Thanks Seth, it looks like your comment "should be using FQDN for your certificate name; not the loopback address" is correct. I will check on it in the morning.
ImImIn

ASKER
"should be using FQDN for your certificate name; not the loopback address" did the trick, thank you!
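The name check behind the mismatched-address error in this thread, as an added example that is not part of the original posts: an IP address in the URL is compared only with IP address entries in the certificate, so a certificate issued to mail.domainx.com matches https://mail.domainx.com/owa but not https://<server IP>/owa. The function name `Test-CertNameMatch`, the address `192.0.2.10` (a placeholder for the server IP) and the host `server.domainx.local` are assumptions made for illustration.

```powershell
# Added example: decides whether the host typed in a URL is covered by a certificate's names.
function Test-CertNameMatch {
    param(
        [Parameter(Mandatory=$true)][string] $UrlHost,  # host part of the URL used in the browser
        [string[]] $DnsName   = @(),                    # DNS names in the certificate (Issued to / SAN)
        [string[]] $IpAddress = @()                     # IP address SAN entries, if the certificate has any
    )
    $ip = $null
    if ([System.Net.IPAddress]::TryParse($UrlHost, [ref]$ip)) {
        # An IP literal is compared only with IP address entries, never with DNS names.
        foreach ($entry in $IpAddress) {
            $certIp = $null
            if ([System.Net.IPAddress]::TryParse($entry, [ref]$certIp) -and $certIp.Equals($ip)) {
                return $true
            }
        }
        return $false
    }
    $hostLabels = $UrlHost.TrimEnd('.').ToLowerInvariant().Split('.')
    foreach ($name in $DnsName) {
        $certLabels = $name.TrimEnd('.').ToLowerInvariant().Split('.')
        if ($certLabels.Count -ne $hostLabels.Count) { continue }
        # A wildcard is honoured only as the whole leftmost label and covers exactly one label.
        $start = 0
        if ($certLabels[0] -eq '*' -and $certLabels.Count -gt 2) { $start = 1 }
        $same = $true
        for ($i = $start; $i -lt $certLabels.Count; $i++) {
            if ($certLabels[$i] -ne $hostLabels[$i]) { $same = $false; break }
        }
        if ($same) { return $true }
    }
    return $false
}

# Constructed check: the certificate name comes from the thread, the hosts are sample inputs.
$certNames = @('mail.domainx.com')
foreach ($h in 'mail.domainx.com', '192.0.2.10', '127.0.0.1', 'server.domainx.local') {
    '{0,-22} match={1}' -f $h, (Test-CertNameMatch -UrlHost $h -DnsName $certNames)
}
```

On the Exchange server, `Get-ExchangeCertificate | Format-List Thumbprint, Services, CertificateDomains` lists the names that can be passed as `-DnsName`.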