Solved

Certificate Issue on Exchange 2016

Posted on 2016-08-21
7
47 Views
Last Modified: 2016-09-22
Single server Exchange 2016 installation.

Server is using a self-issued cert.

The cert is installed on all the workstations in the Trusted Root Certification Store, but all Outlook users are prompted at start to accept the cert with the 3rd option in the security Alert dialog redX’d “The name on the security certificate is invalid or does not match the name of the site”.

The name on the cert is the same as the host name of their MX record.

If an external user, without the cert, attempts to access OWA using IE, they get the expected certificate waring, but if they install the cert, then OWA logs in without the warning, so I believe the cert works OK.

If Outlook users OK through the Security Alert dialog, they connect OK and are not prompted again for the remainder of the Outlook session.

Any ideas to fix this?

I’ve looked at bindings in IIS, and they all use that cert.

If I do get-ExchangeCertificate in EMS, services I,P,W & S are bound to the cert in question, which is consistent with other Exchange Servers I’ve checked on.

Any ideas?
0
Comment
Question by:snooflehammer
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
7 Comments
 
LVL 15

Accepted Solution

by:
Todd Nelson earned 500 total points
ID: 41764622
You will need to create a certificate request from the Exchange server and purchase a UCC/SAN certificate from a public certificate authority (CA) like Digicert or GoDaddy.

https://www.digicert.com/unified-communications-ssl-tls.htm
https://www.godaddy.com/web-security/ssl-certificate

https://oddytee.wordpress.com/2014/09/09/exchange-2013-certificate-commands/
0
 

Author Comment

by:snooflehammer
ID: 41764624
I plan to do that next time I've got some down time, but I just need to keep this working for a week or more. I can't risk bringing Exchange down at the moment.

Looking for a workaround to stop the cert pop-up message.
0
 
LVL 18

Expert Comment

by:Sushil Sonawane
ID: 41764894
0
Office 365 Training for IT Pros

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

 

Author Comment

by:snooflehammer
ID: 41771024
Thanks guys!
0
 
LVL 15

Expert Comment

by:Todd Nelson
ID: 41790519
Snooflehammer,

Do you have an update for us?
0
 

Author Comment

by:snooflehammer
ID: 41790530
Got a Godaddy cert
0
 
LVL 15

Expert Comment

by:Todd Nelson
ID: 41811771
Hopefully the publicly trusted CA cert is working out for you. Please award points appropriately to close your resolved question.
0

Featured Post

Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Lotus Notes – formerly IBM Notes – is an email client application, while IBM Domino (earlier Lotus Domino) is an email server. The client possesses a set of features that are even more advanced as compared to that of Outlook. Likewise, IBM Domino is…
Following basic email etiquette rules will help you write a professional email and achieve a good, lasting impression with your contacts.
In this video we show how to create a mailbox database in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Servers >> Data…
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question