Security Certificates-Mail & Remote

mapalaska2003
mapalaska2003 used Ask the Experts™
on
I had been battling HTTPS SSL Certificate errors when users tried using Outlook Web Access or Remote Desktop Connection.

I got a hold of the certificate provider and they said my server had been set up wrong. It was set up as "remote.domainname.com, when it should have been set up as mail.DomainName.com.

They change something on the server (remotely) and now I am able to use OWA and Remote Desktop without security certificate errors. But now when ever anoyone open MS Outlook, they get a Security Alert pop-up - .The name on the security certificate is invalid or does not match the name of the site." On the pop-up it references remote. DomainName.com, but when I view the certificate from the button on the pop-up, it says that the certificate is issued to mail.domaionname.com

Thanks.
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®

Commented:
You can make another CSR and specify the proper name in the re-key request. Submit the request, download the new certificate, and install the new certificate in the server.
For newer versions of Exchange, the server is accessed via several names, so what is required is  a SAN certificate, with multiple alternative names. A single name will not work.

There is also nothing wrong with calling your server "remote.domainname.com", this is perfectly valid. Obviously DNS and the certificate need to be set up to match.

More here:

http://exchangeserverpro.com/exchange-2010-ssl-certificates/
Top Expert 2016

Commented:
Please follow this page
http://exchangeserverpro.com/avoiding-exchange-2013-server-names-ssl-certificates/
defaults
Outlook Anywhere – mail.yourdomain.com
Outlook Web App – https://mail.yourdomain.com/owa
Exchange Control Panel – https://mail.yourdomain.com/ecp
Exchange ActiveSync – https://mail.yourdomain.com/Microsoft-Server-ActiveSync
Exchange Web Services – https://mail.yourdomain.com/EWS/Exchange.asmx
Offline Address Book – https://mail.yourdomain.com/OAB
AutoDiscover – https://mail.yourdomain.com/Autodiscover/Autodiscover.xml

first go into certificate manager .. certmgr.msc and look at the Subject Name for your certificate to get the name right
OWASP Proactive Controls

Learn the most important control and control categories that every architect and developer should include in their projects.

Author

Commented:
I go to certificate manager, but am not sure what your suggesting I do there.
Top Expert 2016

Commented:
can you find your certificate in personal\certificates then go to details Subject my certificate
Top Expert 2016

Commented:
you can also check in iis manager / bindings

Author

Commented:
Certificate.jpg
Top Expert 2016
Commented:
so everything has to have mail.mappingalaska.com

Author

Commented:
Thanks for the help resolving this problem. It was a complicated one.

Author

Commented:
Hi David. I'm still having certificate errors. The problem has returned and I'm perplexed.
When trying to check e,mail, this is what  get:

mail.domainname.com normally uses encryption to protect your information. When Chrome tried to connect to mail.domainname.com this time, the website sent back unusual and incorrect credentials. Either an attacker is trying to pretend to be mail.domainname.com, or a Wi-Fi sign-in screen has interrupted the connection. Your information is still secure because Chrome stopped the connection before any data was exchanged.

You cannot visit mail.domainname.com right now because the website sent scrambled credentials that Chrome cannot process. Network errors and attacks are usually temporary, so this page will probably work later.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial