Exchange 2013 Cert "The name on the security certificate is invalid or does not match the name of the site."

Hello,
      I have just installed a new certificate for my new Exchange 2013 install.  Purchased the cert from godaddy and downloaded it, installed it and completed the installation of the cert by assigning it to SMTP and IIS. Now when I open Outlook on a client I get a security alert stating that “The name on the security certificate is invalid or does not match the name of the site.” Our external site is nofinishline.us but our internal domain is nofinishline.local.
      I ran some commands to see what the cert had for urls and I have attached the output. Now I know that I really don’t know what I am doing but shouldn’t  the  Auto discover url be the same as the external url? If so, how do I fix it, If not what do I have wrong?

Thank you
ExchangeCert.pdf
LVL 1
daskas27Asked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

fred3rdCommented:
What cmds did you run (most likely you mean powershell cmdlets, yes?) and what are their outputs? I didn't see them.
daskas27Author Commented:
Yes, powershell cmdlets. The outputs are in the attached file.
daskas27Author Commented:
Here are the outputs. Please see the attached file.
ExchangeCert.pdf
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

AlexantSystemsCommented:
Add a SRV record to your external DNS domain

 This is a sample of what it should look like if you mail server was email.nofinishline.us which according to mxtoolbox.com it is.

For GoDaddy under the SRV (Service)
_autodiscover _tcp  @ 0 0 443 email.nofinishline.us 1 hour

For DynDNS
_autodiscover._tcp.nofinishline.us 14400 SRV 0 0 443 email.nofinishline.us

For GoDadddy the setup is

Name: @
Target: email.nofinishline.us
Protocol: _tcp
Service: _autodiscover
Priority: 0
Weight: 0
Port: 443
TTL: 1 Hour

For DynDns Setup
Host name is _autodiscover._tcp
TTL is: 14400
Record Type is: SRV
Data is:  0 0 443 email.nofinishline.us

Do not attempt to add this record to your Active Directory DNS

In your active directory add the following zone in your active directory Forward Lookup Zones as a Primary Zone
email.nofinishline.us
add in an "A Record" in the zone with a blank name and an IP  address of your internal exchange server.
Once it is in, ping from a workstation email.nofinishline.us and it should return your internal IP address of your exchange server. If someone from the outside should pings email.nofinishline.us it should return your public IP address.

On the workstation you are testing from run a elevated command prompt (Admin) flush you DNS with the following command (restarting the workstation will also flush you DNS cache).

IPCONFIG /flushdns
 
You should no longer get the warning when you start Outlook.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
fred3rdCommented:
You need to set these URLs, it seems they're missing.
Follow this: https://support.microsoft.com/en-us/kb/940726
daskas27Author Commented:
Holy smokes, this stuff is not for the faint of heart, is it? I will try these solution tomorrow morning when nobody needs the network in case I bring it down. Thanks.
daskas27Author Commented:
Would this problem also keep my activesync from working? It tells me it cannot connect to the server.
daskas27Author Commented:
I found the Srv on godaddy but I cannot find the DynDns Setup
AlexantSystemsCommented:
If you do not use DynDns then you do not have to worry about that part. That was a "Just in Case".
AlexantSystemsCommented:
This is a free tool from Digicert that will check your Exchange servers domain name setups and help you fix them.

https://www.digicert.com/internal-domain-name-tool.htm
daskas27Author Commented:
Thanks. Before doing anything I talked with Godaddy. They sent me instructions to "Reconfigure Microsoft Exchange Server to Use a Fully Qualified Domain Name. Should I do this?

https://www.godaddy.com/help/reconfiguring-microsoft-exchange-server-to-use-a-fully-qualified-domain-name-6281
daskas27Author Commented:
Thank you
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange

From novice to tech pro — start learning today.