Outlook SSL Certificate Error

Hi All,

When our Outlook 2010 users log in they are greeted with a certificate error.

Outlook Certificate Error
Any idea how I can get rid of it.  I'm comfortable deploying certificates via group policy (if that helps)

Many thanks
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Benjamin Van DitmarsSr Network EngineerCommented:
make in youre internal dns an srv record _autodiscover _tcp port 443 and enter te name the autodiscover url in youre certificate. also be sure you make dns entrees of youre external owa and autodiscover point to the local ip of youre exchange server.
detox1978Author Commented:
do you have a link to a guide (ideally with screenshots or video)?
Benjamin Van DitmarsSr Network EngineerCommented:
had to figure this out a couple of months ago. i will look in the morning for documentation
Big Business Goals? Which KPIs Will Help You

The most successful MSPs rely on metrics – known as key performance indicators (KPIs) – for making informed decisions that help their businesses thrive, rather than just survive. This eBook provides an overview of the most important KPIs used by top MSPs.

Peter HutchisonSenior Network Systems SpecialistCommented:
You need to create a SSL certificate with the name of your main mail service AND as an alternative subject name add autodiscover.domain.com to the certificate. If you use the Exchange EMC to generate the certificate request, it will auto-add the required names to the list.


Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Benjamin Van DitmarsSr Network EngineerCommented:
it's not alloud anymore to put youre localserver.localdomain in youre cert. youre client inside the domain looks for autodiscover.localdomain. the server respond with a cert. that has outsidename.domain. and they dont match. with the result this message you get
MASEE Solution Guide - Technical Dept HeadCommented:
Here is an article  but you need a 3rd party certificate.

As commented above you cannot add your internal FQDN in 3rd party certificates.
Peter HutchisonSenior Network Systems SpecialistCommented:
You can add internal FQDNs but as long as they do not end with .local.
e.g. servername.mycompany.com
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.