Exchange server 2016 certificate

Actually i have installed Exchange Server 2016 CU8 and Existing 2010 exchange available. After i test some user mailbox migration to 2016, it prompt for certificate issue.
"The name on the security certificate is invalid or does not match the name of the site."
 Even it prompts several times.This is error prompt several times.
I had exported both internal and public Wild Certificate from Exchange 2010 and Imported to Exchange 2016.  It shows error4.pngWhat can be done??
Binod MaharjanMicrosoft Support OfficerAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

well, for exchange recommended external certificate is SAN certificate. included domain names should be: - exch 2016 (owa) - exch 2010 (owa) in case of exch2010

your certificate should be generated from exch2016

No need to assign internal certificates.
timgreen7077Exchange EngineerCommented:
Wildcard cert isn't recommended for exchange. It's recommended UCC SAN cert with the name space you require for autodiscover and OWA.
Binod MaharjanMicrosoft Support OfficerAuthor Commented:
yes i understand Exchange Server 2016 recommended SAN Certificate but  organization's has used Wild Card and  renewed just gone 2 months.
So, i guess if wild card certificate gets solution for this.
Determine the Perfect Price for Your IT Services

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden with our free interactive tool and use it to determine the right price for your IT services. Download your free eBook now!

timgreen7077Exchange EngineerCommented:
what's the SAN alternate name on the wild card cert. the common name is * so the SAN alternate should be the name that your outlook clients are attempting to connect to such at I have never used a wild card cert for exchange but other than the common name I would think the SAN name would need to be the name space you are using for client connectivity.
MASEE Solution Guide - Technical Dept HeadCommented:
Your exported certificate from Exchange2010 would be enough if you have 2 names.
You need only 2 names in your certificate. i.e. and
Your A Records ( and should point to Exchange 2016. Exchange 2016 will do proxying/redirecting to Exchange2010.
Exchange 2010 uses different protocol and once a client connected then it will not use Exchange2010 for clinet connectivity.
Please check this article. This should fix your outlook certificate error.
You can use this if you want to regenerate/rekey certificate easily.
For OWA you will use the same URL of Exchange2016 and Exchange is responsible to redirect/proxy to Exchange2010.
CAS Array name/FQDN (Exchange2010) should not be included in the certificate.
Hope this will clear your doubts and clear your certificate error.


Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
MASEE Solution Guide - Technical Dept HeadCommented:
@Gaurav Sign
--> - exch 2010 (owa)  
Legacy name is used only when migrating from Exchange2007 to later versions. Exchange 2010 and 2013 doesn't require legacy name/URL as Exchange 2013/2016 will proxy the request to Exchange2010.

--> in case of exch2010
CAS array name is not required in certificate.

your certificate should be generated from exch2016
You can use any certificate issued which has common name and autodiscover. Exchange 2010 certificate can be used in Exchange 2016 and vice-versa.

Please correct me if I am wrong.

MAS, you are right. I went away in other direction thought about the migration scenario
MASEE Solution Guide - Technical Dept HeadCommented:
Thanks for being on board.

It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.