mapalaska2003
asked on
Security Certificates-Mail & Remote
I had been battling HTTPS SSL Certificate errors when users tried using Outlook Web Access or Remote Desktop Connection.
I got a hold of the certificate provider and they said my server had been set up wrong. It was set up as "remote.domainname.com, when it should have been set up as mail.DomainName.com.
They change something on the server (remotely) and now I am able to use OWA and Remote Desktop without security certificate errors. But now when ever anoyone open MS Outlook, they get a Security Alert pop-up - .The name on the security certificate is invalid or does not match the name of the site." On the pop-up it references remote. DomainName.com, but when I view the certificate from the button on the pop-up, it says that the certificate is issued to mail.domaionname.com
Thanks.
I got a hold of the certificate provider and they said my server had been set up wrong. It was set up as "remote.domainname.com, when it should have been set up as mail.DomainName.com.
They change something on the server (remotely) and now I am able to use OWA and Remote Desktop without security certificate errors. But now when ever anoyone open MS Outlook, they get a Security Alert pop-up - .The name on the security certificate is invalid or does not match the name of the site." On the pop-up it references remote. DomainName.com, but when I view the certificate from the button on the pop-up, it says that the certificate is issued to mail.domaionname.com
Thanks.
You can make another CSR and specify the proper name in the re-key request. Submit the request, download the new certificate, and install the new certificate in the server.
For newer versions of Exchange, the server is accessed via several names, so what is required is a SAN certificate, with multiple alternative names. A single name will not work.
There is also nothing wrong with calling your server "remote.domainname.com", this is perfectly valid. Obviously DNS and the certificate need to be set up to match.
More here:
http://exchangeserverpro.com/exchange-2010-ssl-certificates/
There is also nothing wrong with calling your server "remote.domainname.com", this is perfectly valid. Obviously DNS and the certificate need to be set up to match.
More here:
http://exchangeserverpro.com/exchange-2010-ssl-certificates/
Please follow this page
http://exchangeserverpro.com/avoiding-exchange-2013-server-names-ssl-certificates/
defaults
Outlook Anywhere – mail.yourdomain.com
Outlook Web App – https://mail.yourdomain.com/owa
Exchange Control Panel – https://mail.yourdomain.com/ecp
Exchange ActiveSync – https://mail.yourdomain.com/Microsoft-Server-ActiveSync
Exchange Web Services – https://mail.yourdomain.com/EWS/Exchange.asmx
Offline Address Book – https://mail.yourdomain.com/OAB
AutoDiscover – https://mail.yourdomain.com/Autodiscover/Autodiscover.xml
first go into certificate manager .. certmgr.msc and look at the Subject Name for your certificate to get the name right
http://exchangeserverpro.com/avoiding-exchange-2013-server-names-ssl-certificates/
defaults
Outlook Anywhere – mail.yourdomain.com
Outlook Web App – https://mail.yourdomain.com/owa
Exchange Control Panel – https://mail.yourdomain.com/ecp
Exchange ActiveSync – https://mail.yourdomain.com/Microsoft-Server-ActiveSync
Exchange Web Services – https://mail.yourdomain.com/EWS/Exchange.asmx
Offline Address Book – https://mail.yourdomain.com/OAB
AutoDiscover – https://mail.yourdomain.com/Autodiscover/Autodiscover.xml
first go into certificate manager .. certmgr.msc and look at the Subject Name for your certificate to get the name right
ASKER
I go to certificate manager, but am not sure what your suggesting I do there.
you can also check in iis manager / bindings
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks for the help resolving this problem. It was a complicated one.
ASKER
Hi David. I'm still having certificate errors. The problem has returned and I'm perplexed.
When trying to check e,mail, this is what get:
mail.domainname.com normally uses encryption to protect your information. When Chrome tried to connect to mail.domainname.com this time, the website sent back unusual and incorrect credentials. Either an attacker is trying to pretend to be mail.domainname.com, or a Wi-Fi sign-in screen has interrupted the connection. Your information is still secure because Chrome stopped the connection before any data was exchanged.
You cannot visit mail.domainname.com right now because the website sent scrambled credentials that Chrome cannot process. Network errors and attacks are usually temporary, so this page will probably work later.
When trying to check e,mail, this is what get:
mail.domainname.com normally uses encryption to protect your information. When Chrome tried to connect to mail.domainname.com this time, the website sent back unusual and incorrect credentials. Either an attacker is trying to pretend to be mail.domainname.com, or a Wi-Fi sign-in screen has interrupted the connection. Your information is still secure because Chrome stopped the connection before any data was exchanged.
You cannot visit mail.domainname.com right now because the website sent scrambled credentials that Chrome cannot process. Network errors and attacks are usually temporary, so this page will probably work later.