Link to home
Start Free TrialLog in
Avatar of hgj1357
hgj1357

asked on

Exchange 2010 Certificates Issue (Win 2012)

I have a Win 2012 std server running Exchange 2010. It has worked fine but we recently renewed certificates which has led to some issues.

On our local network Outlook gives an error that the certificate is not trusted. Cert issued to WMSvc-NEX. But I can still proceed.
Using remote OWA, I get a "Your connection is not private" error. NET::ERR_CERT_AUTHORITY_INVALID.  Security certificate is not trusted by your computers operating system (Win 7 pro). But again, I can elect to continue.

There are three certificates on the EXchange server I can view from the console.  1)  Self signed called Microsoft Exchange issued by the local server running exchange. Services: IMAP; SMTP.  2)  CompanyMail issued by GoDaddy. Services POP; SMTP.  3) Self signed WMSvc-NEX issued by WMSvc-NEX. Services IIS, SMTP.

All certificates have at least 2 years before they expire.

How can I stop these errors?

Thanks
ASKER CERTIFIED SOLUTION
Avatar of Tom Cieslik
Tom Cieslik
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of hgj1357
hgj1357

ASKER

OK.  IIS Manager (on the Exchange server) Sites | Default | Bindings:

Http   |  80  |  *
Https  |  443.  |  
http   |  80  |  127.0.0.1
https  |  443  |  127.0.0.01

this is all I see.  Am I in the right place?
Yes, If you click on first https and go to Edit you will see option to Bind Certificate to protocol
Avatar of hgj1357

ASKER

That appears to have fixed the issue when connecting via OWA, but my internal outlook clients are still getting a certificate error.  Outlook internally connects to SVR2.mydomain.local  and not mail.mydomain.com
Avatar of hgj1357

ASKER

The error from outlook
EE02.jpg
Your external and internal domain names different so you'll have to create SRV records for autodiscover.
This link explains the steps for that.
https://www.petenetlive.com/KB/Article/0000036
Avatar of hgj1357

ASKER

Thanks for the quick assistance.