Certificate Issue on Exchange 2016

snooflehammer
snooflehammer used Ask the Experts™
on
Single server Exchange 2016 installation.

Server is using a self-issued cert.

The cert is installed on all the workstations in the Trusted Root Certification Store, but all Outlook users are prompted at start to accept the cert with the 3rd option in the security Alert dialog redX’d “The name on the security certificate is invalid or does not match the name of the site”.

The name on the cert is the same as the host name of their MX record.

If an external user, without the cert, attempts to access OWA using IE, they get the expected certificate waring, but if they install the cert, then OWA logs in without the warning, so I believe the cert works OK.

If Outlook users OK through the Security Alert dialog, they connect OK and are not prompted again for the remainder of the Outlook session.

Any ideas to fix this?

I’ve looked at bindings in IIS, and they all use that cert.

If I do get-ExchangeCertificate in EMS, services I,P,W & S are bound to the cert in question, which is consistent with other Exchange Servers I’ve checked on.

Any ideas?
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Systems Engineer
Top Expert 2016
Commented:
You will need to create a certificate request from the Exchange server and purchase a UCC/SAN certificate from a public certificate authority (CA) like Digicert or GoDaddy.

https://www.digicert.com/unified-communications-ssl-tls.htm
https://www.godaddy.com/web-security/ssl-certificate

https://oddytee.wordpress.com/2014/09/09/exchange-2013-certificate-commands/

Author

Commented:
I plan to do that next time I've got some down time, but I just need to keep this working for a week or more. I can't risk bringing Exchange down at the moment.

Looking for a workaround to stop the cert pop-up message.
Ensure you’re charging the right price for your IT

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden using our free interactive tool and use it to determine the right price for your IT services. Start calculating Now!

Author

Commented:
Thanks guys!
Todd NelsonSystems Engineer
Top Expert 2016

Commented:
Snooflehammer,

Do you have an update for us?

Author

Commented:
Got a Godaddy cert
Todd NelsonSystems Engineer
Top Expert 2016

Commented:
Hopefully the publicly trusted CA cert is working out for you. Please award points appropriately to close your resolved question.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial