Avatar of box-bb-car
box-bb-car
Flag for United States of America asked on

Certificate error Outlook 2010/2013 clients

We have a client running Exchange 2010 on a Windows 2012 R2 server with Outlook 2010/2013 clients. It has a UCC certificate from Godaddy! Everything has been fine with this server for months. A week ago the clients started getting certificate errors. The name on the security certificate is invalid or doesn't match the name on the certificate. Here is where it gets weird. The server name listed at the top of the security alert is mail.domainname.com.com ( Notice the extra .com). If you view the certificate it says issued to *.com.com by RapidSSL SHA256 CA - G3. One of my coworkers and I have been over this server and client pc's backwards and forwards and can not find where this certificate is coming from. Other than doing windows updates a couple of weeks ago nothing has changed on this server. HAs anyone got any ideas? The users can click yes to continue but they are getting annoyed with that. I've checked all the DNS entries at Network Solutions and on the local DNS and everything appears fine. I've done the Microsoft Exchange Connectivity tests and everything come back fine. Help Please.
ExchangeOutlookSSL / HTTPS

Avatar of undefined
Last Comment
box-bb-car

8/22/2022 - Mon
Will Szymkowski

Is the certificate path in the proper certificate store? How could your certificate been modified?

Has anything changed on your virtual directories?

Will.
David Johnson, CD

someone has installed a rapidssl certificate.. You say you use godaddy which certificates are issued either by godaddy or startfield
ASKER CERTIFIED SOLUTION
M A

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question
cpmcomputers

Are your Dns entries at network solutions ended with a period (full stop). To ensure they are fully qualified otherwise it will append .com to the entries?
And they will resolve to subdomain.domain.com.com
All of life is about relationships, and EE has made a viirtual community a real community. It lifts everyone's boat
William Peck
box-bb-car

ASKER
The trouble cert does not appear on any client system, nor on the server when we search by thumbprint. That is the frustrating part. If we could find the certificate we would remove it, or at least have a jumping off point from which to troubleshoot. All certs in exchange are correct in the console. Will verify that we do not have any that appear at the powershell level.

The certificate path does not come into play unless you choose to install the certificate on a client machine, then it installs into a folder of 'Other' if you allow auto install. As stated, it does not appear on the server when we search by thumbprint. Normally this would be an intermediate authority cert. Am wondering if in the Windows updates it may have corrupted some of the root certs
box-bb-car

ASKER
Just checked the URL's as suggested by MAS. Sure enough the one for the internal URL for the Web Services virtual directory had an extra .com in it. Not sure why or how that happened. Will have to see if this corrects the issue completely or if something else is going on that is changing that value.
M A

Did you reconfigure the URLs as per the article and check?

If still you have error please let us know.
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
box-bb-car

ASKER
Thanks for pointing us in the right direction. Still don't know what caused the url to change but it's been corrected.