Avatar of mapalaska2003
mapalaska2003
Flag for United States of America asked on

Security Certificates-Mail & Remote

I had been battling HTTPS SSL Certificate errors when users tried using Outlook Web Access or Remote Desktop Connection.

I got a hold of the certificate provider and they said my server had been set up wrong. It was set up as "remote.domainname.com, when it should have been set up as mail.DomainName.com.

They change something on the server (remotely) and now I am able to use OWA and Remote Desktop without security certificate errors. But now when ever anoyone open MS Outlook, they get a Security Alert pop-up - .The name on the security certificate is invalid or does not match the name of the site." On the pop-up it references remote. DomainName.com, but when I view the certificate from the button on the pop-up, it says that the certificate is issued to mail.domaionname.com

Thanks.
Web BrowsersSSL / HTTPSWindows Server 2008

Avatar of undefined
Last Comment
mapalaska2003

8/22/2022 - Mon
Michael Machie

You can make another CSR and specify the proper name in the re-key request. Submit the request, download the new certificate, and install the new certificate in the server.
Mal Osborne

For newer versions of Exchange, the server is accessed via several names, so what is required is  a SAN certificate, with multiple alternative names. A single name will not work.

There is also nothing wrong with calling your server "remote.domainname.com", this is perfectly valid. Obviously DNS and the certificate need to be set up to match.

More here:

http://exchangeserverpro.com/exchange-2010-ssl-certificates/
David Johnson, CD

Please follow this page
http://exchangeserverpro.com/avoiding-exchange-2013-server-names-ssl-certificates/
defaults
Outlook Anywhere – mail.yourdomain.com
Outlook Web App – https://mail.yourdomain.com/owa
Exchange Control Panel – https://mail.yourdomain.com/ecp
Exchange ActiveSync – https://mail.yourdomain.com/Microsoft-Server-ActiveSync
Exchange Web Services – https://mail.yourdomain.com/EWS/Exchange.asmx
Offline Address Book – https://mail.yourdomain.com/OAB
AutoDiscover – https://mail.yourdomain.com/Autodiscover/Autodiscover.xml

first go into certificate manager .. certmgr.msc and look at the Subject Name for your certificate to get the name right
This is the best money I have ever spent. I cannot not tell you how many times these folks have saved my bacon. I learn so much from the contributors.
rwheeler23
mapalaska2003

ASKER
I go to certificate manager, but am not sure what your suggesting I do there.
David Johnson, CD

can you find your certificate in personal\certificates then go to details Subject my certificate
David Johnson, CD

you can also check in iis manager / bindings
⚡ FREE TRIAL OFFER
Try out a week of full access for free.
Find out why thousands trust the EE community with their toughest problems.
mapalaska2003

ASKER
Certificate.jpg
ASKER CERTIFIED SOLUTION
David Johnson, CD

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
GET A PERSONALIZED SOLUTION
Ask your own question & get feedback from real experts
Find out why thousands trust the EE community with their toughest problems.
mapalaska2003

ASKER
Thanks for the help resolving this problem. It was a complicated one.
mapalaska2003

ASKER
Hi David. I'm still having certificate errors. The problem has returned and I'm perplexed.
When trying to check e,mail, this is what  get:

mail.domainname.com normally uses encryption to protect your information. When Chrome tried to connect to mail.domainname.com this time, the website sent back unusual and incorrect credentials. Either an attacker is trying to pretend to be mail.domainname.com, or a Wi-Fi sign-in screen has interrupted the connection. Your information is still secure because Chrome stopped the connection before any data was exchanged.

You cannot visit mail.domainname.com right now because the website sent scrambled credentials that Chrome cannot process. Network errors and attacks are usually temporary, so this page will probably work later.
I started with Experts Exchange in 2004 and it's been a mainstay of my professional computing life since. It helped me launch a career as a programmer / Oracle data analyst
William Peck