Certifcates on Exchange 2010 CAS server
Hello,
Recently installed a 2nd CAS server at another site. Exported certificate from existing CAS cas and installed it on the 2nd CAS server. followed all steps to including enabling and assigning services to the certificate. Issue is that when some users connect to outlook using VPN, they get a certificate error. The error shows the server name of the new CAS server as not having a valid certificate. I have verified all URL on the 2nd CAS match the names in the certificate (mail.company.com, autodiscover.company.com, outlook.company.com) . Am I missing something?
Thanks
Recently installed a 2nd CAS server at another site. Exported certificate from existing CAS cas and installed it on the 2nd CAS server. followed all steps to including enabling and assigning services to the certificate. Issue is that when some users connect to outlook using VPN, they get a certificate error. The error shows the server name of the new CAS server as not having a valid certificate. I have verified all URL on the 2nd CAS match the names in the certificate (mail.company.com, autodiscover.company.com, outlook.company.com) . Am I missing something?
Thanks
Since other exchange server it at different site, is it using a separate name space or internet facing, if yes you need to include that as well in SAN on certificates on both the exchange servers...exchange 2010 uses separate name space in different sites
ASKER
Stuart, the cert does not have a server name, just mail.company.com, autodiscover.company.com, outlook.company.com. I have verified all internal and external url's reference mail.company.com in the exchange console, under server, cas server role.
Hardik, I am looking into your suggestion.
Thanks
Hardik, I am looking into your suggestion.
Thanks
From the description you had mentioned you are missing namespace of other site on your certificate. Please include that as well on both the exchange servers and should be it. Do not include any server names on the certificate as you do not want to expose them to the external world.
ASKER
Thanks Hardik,
I read through the entire article and it is very informative, however I do not understand what you mean "missing namespace of other site on my certificate". The certificate does not have any particular site name and I have never heard of a site name on a certificate. Can you please elaborate.
Thanks,
I read through the entire article and it is very informative, however I do not understand what you mean "missing namespace of other site on my certificate". The certificate does not have any particular site name and I have never heard of a site name on a certificate. Can you please elaborate.
Thanks,
Assuming you have your primary namespace as mail.contoso.com, you also need to have mailsec.contoso.com on your certificate to ensure proper proxying or redirection.
ASKER
Thanks for your patience Hardik, but I want to make sure I understand this correctly.
We have a CAS server here at the local site, call it serverA. This server has a certificate installed which has the following SAN entries:
mail.company.com
autodiscover.company.com
outlook.company.com
There is no server name in the certificate. Also have a A record for autodiscover.comany.com pointing to serverA.
I export the certificate from ServerA to ServerB , import it on serverB, assign all services to the certificate and enable the Cert. when I move my mailbox to server and launch Outlook, I get a certificate warning. Do you think that if I added another A record for Autodiscover and pointed it to ServerB, the warning message would go away?
Thanks for you time and efforts.
We have a CAS server here at the local site, call it serverA. This server has a certificate installed which has the following SAN entries:
mail.company.com
autodiscover.company.com
outlook.company.com
There is no server name in the certificate. Also have a A record for autodiscover.comany.com pointing to serverA.
I export the certificate from ServerA to ServerB , import it on serverB, assign all services to the certificate and enable the Cert. when I move my mailbox to server and launch Outlook, I get a certificate warning. Do you think that if I added another A record for Autodiscover and pointed it to ServerB, the warning message would go away?
Thanks for you time and efforts.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Stuart