Outlook SSL errors relating to domain.local

We recently renewed our SSL certificates for Exchange 2013 and ran into errors that were related to having a domain.local account on the certificate, as they will no longer be supported. We believe we managed to fix these issues since new Outlook profiles that are created (or re-created) no longer result in proxy server security certificate error or the name on the certificate being invalid.

However, existing profiles still display these errors when opening up Outlook. I'm trying to figure out a good way to resolve this for 100+ users without needing to recreate profiles. I tried to delete the .ost file, but, while that prevented the proxy error from showing up, it still seemed to give the name on the certificate error.


SSL errors in Outlook
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Carol ChisholmCommented:
Probably you need to change the URLs on the Virtual Directories for accessing the CAS server.

Because you can no longer put domain.local in a public certificate, if you want to use the same certificate for internal and external access, you need to change the virtual directory URLS.

If you environment is small and you are not doing load balancing , set the external and internal ones as identical (so they all use domain.com rather than domain.local).

You also have to make an internal DNS zone for owa.domain.com and mail.domain.com or whatever you use for your external access.


Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
ruhkusAuthor Commented:
Hi Carol,
  Both the URLs and the internal DNS have been set as described, and I believe them to be correct. As noted, if I create a new profile, everything works fine. It seems that something is stored in the cached profiles, and remains there even if I delete the OST file, that points to the previously configured internal domain structure.

Carol ChisholmCommented:
hmm, normally the Outlook profiles get changed by Exchange when the mailbox is moved from one server to another. Is it an old version of Outlook? DO you still have any public folders or Address book distribution) on the old server)
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.