Outlook SSL Certificate Error

detox1978
detox1978 used Ask the Experts™
on
Hi All,

When our Outlook 2010 users log in they are greeted with a certificate error.

Outlook Certificate Error
Any idea how I can get rid of it.  I'm comfortable deploying certificates via group policy (if that helps)


Many thanks
D
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®

Commented:
make in youre internal dns an srv record _autodiscover _tcp port 443 and enter te name the autodiscover url in youre certificate. also be sure you make dns entrees of youre external owa and autodiscover point to the local ip of youre exchange server.

Author

Commented:
do you have a link to a guide (ideally with screenshots or video)?

Commented:
had to figure this out a couple of months ago. i will look in the morning for documentation
Ensure you’re charging the right price for your IT

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden using our free interactive tool and use it to determine the right price for your IT services. Start calculating Now!

Senior Network Systems Specialist
Commented:
You need to create a SSL certificate with the name of your main mail service AND as an alternative subject name add autodiscover.domain.com to the certificate. If you use the Exchange EMC to generate the certificate request, it will auto-add the required names to the list.

http://www.msexchangegeek.com/exchange-2010-emc-and-certificates-management-part-1/

Commented:
it's not alloud anymore to put youre localserver.localdomain in youre cert. youre client inside the domain looks for autodiscover.localdomain. the server respond with a cert. that has outsidename.domain. and they dont match. with the result this message you get
MASEE Solution Guide - Technical Dept Head
Most Valuable Expert 2017
Commented:
Here is an article  but you need a 3rd party certificate.
http://www.experts-exchange.com/articles/13676/Out-Of-office-not-working.html

As commented above you cannot add your internal FQDN in 3rd party certificates.
Peter HutchisonSenior Network Systems Specialist

Commented:
You can add internal FQDNs but as long as they do not end with .local.
e.g. servername.mycompany.com

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial