Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Certificate Issue on Exchange 2016

Posted on 2016-08-21
7
Medium Priority
?
63 Views
Last Modified: 2016-09-22
Single server Exchange 2016 installation.

Server is using a self-issued cert.

The cert is installed on all the workstations in the Trusted Root Certification Store, but all Outlook users are prompted at start to accept the cert with the 3rd option in the security Alert dialog redX’d “The name on the security certificate is invalid or does not match the name of the site”.

The name on the cert is the same as the host name of their MX record.

If an external user, without the cert, attempts to access OWA using IE, they get the expected certificate waring, but if they install the cert, then OWA logs in without the warning, so I believe the cert works OK.

If Outlook users OK through the Security Alert dialog, they connect OK and are not prompted again for the remainder of the Outlook session.

Any ideas to fix this?

I’ve looked at bindings in IIS, and they all use that cert.

If I do get-ExchangeCertificate in EMS, services I,P,W & S are bound to the cert in question, which is consistent with other Exchange Servers I’ve checked on.

Any ideas?
0
Comment
Question by:snooflehammer
  • 3
  • 3
7 Comments
 
LVL 17

Accepted Solution

by:
Todd Nelson earned 2000 total points
ID: 41764622
You will need to create a certificate request from the Exchange server and purchase a UCC/SAN certificate from a public certificate authority (CA) like Digicert or GoDaddy.

https://www.digicert.com/unified-communications-ssl-tls.htm
https://www.godaddy.com/web-security/ssl-certificate

https://oddytee.wordpress.com/2014/09/09/exchange-2013-certificate-commands/
0
 

Author Comment

by:snooflehammer
ID: 41764624
I plan to do that next time I've got some down time, but I just need to keep this working for a week or more. I can't risk bringing Exchange down at the moment.

Looking for a workaround to stop the cert pop-up message.
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:snooflehammer
ID: 41771024
Thanks guys!
0
 
LVL 17

Expert Comment

by:Todd Nelson
ID: 41790519
Snooflehammer,

Do you have an update for us?
0
 

Author Comment

by:snooflehammer
ID: 41790530
Got a Godaddy cert
0
 
LVL 17

Expert Comment

by:Todd Nelson
ID: 41811771
Hopefully the publicly trusted CA cert is working out for you. Please award points appropriately to close your resolved question.
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this post, I will showcase the steps for how to create groups in Office 365. Office 365 groups allow for ease of flexibility and collaboration between staff members.
Steps to fix error: “Couldn’t mount the database that you specified. Specified database: HU-DB; Error code: An Active Manager operation fail”
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…
This video shows how to quickly and easily deploy an email signature for all users in Office 365 and prevent it from being added to replies and forwards. (the resulting signature is applied on the server level in Exchange Online) The email signat…
Suggested Courses

972 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question