Binod Maharjan
asked on
Exchange server 2016 certificate
Actually, I have installed Exchange Server 2016 CU8 alongside the existing Exchange 2010. After I tested some user mailbox migrations to 2016, it prompts with a certificate issue.
"The name on the security certificate is invalid or does not match the name of the site."
It even prompts several times.
I had exported both internal and public wildcard certificates from Exchange 2010 and imported them to Exchange 2016. It shows What can be done??
A wildcard cert isn't recommended for Exchange. A UCC/SAN cert with the namespaces you require for Autodiscover and OWA is recommended.
ASKER
Yes, I understand a SAN certificate is recommended for Exchange Server 2016, but the organization has used a wildcard and renewed it just 2 months ago.
So, I guess if the wildcard certificate has a solution for this.
What's the SAN alternate name on the wildcard cert? The common name is *.domain.com, so the SAN alternate should be the name that your Outlook clients are attempting to connect to, such as mail.domain.com. I have never used a wildcard cert for Exchange, but other than the common name I would think the SAN name would need to be the namespace you are using for client connectivity.
@Gaurav Sign
-->i.e.legacy.domain.com - exch 2010 (owa)
The legacy name is used only when migrating from Exchange 2007 to later versions. Exchange 2010 and 2013 don't require a legacy name/URL, as Exchange 2013/2016 will proxy the request to Exchange 2010.
https://blogs.technet.microsoft.com/exchange/2015/10/26/client-connectivity-in-an-exchange-2016-coexistence-environment-with-exchange-2010/
-->casarray.domain.com in case of exch2010
CAS array name is not required in certificate.
https://blogs.technet.microsoft.com/exchange/2012/03/23/demystifying-the-cas-array-object-part-1/
your certificate should be generated from exch2016
You can use any certificate issued which has common name and autodiscover. Exchange 2010 certificate can be used in Exchange 2016 and vice-versa.
Please correct me if I am wrong.
Thanks
MAS
MAS, you are right. I went off in another direction, thinking about the migration scenario.
Gaurav,
Thanks for being on board.
MAS
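The name-matching rule behind the prompt discussed in this thread, as an added example that is not from any poster: it checks each host name clients are sent to against a certificate's names, applying the rule that a wildcard covers exactly one left-most label. The server names and URLs are constructed samples (only `*.domain.com` and `mail.domain.com` appear in the thread), and the function name `Test-CertNameMatch` is hypothetical.

```powershell
# Added example: host-name-to-certificate matching as TLS clients apply it.
function Test-CertNameMatch {
    param(
        [Parameter(Mandatory)][string]   $HostName,
        [Parameter(Mandatory)][string[]] $CertNames
    )
    $h = $HostName.ToLowerInvariant().TrimEnd('.')
    foreach ($name in $CertNames) {
        $n = $name.ToLowerInvariant().TrimEnd('.')
        if ($n -eq $h) { return $true }              # exact SAN / CN match
        if ($n.StartsWith('*.')) {
            # *.domain.com matches mail.domain.com, but not domain.com
            # and not a.b.domain.com (one label only).
            $suffix = $n.Substring(1)                # ".domain.com"
            if ($h.EndsWith($suffix)) {
                $label = $h.Substring(0, $h.Length - $suffix.Length)
                if ($label.Length -gt 0 -and -not $label.Contains('.')) { return $true }
            }
        }
    }
    return $false
}

# Constructed sample: names on the certificate. In the Exchange Management Shell
# these are in (Get-ExchangeCertificate -Thumbprint <thumbprint>).CertificateDomains
$certNames = @('*.domain.com')

# Constructed sample: URLs clients are pointed at. In the Exchange Management Shell
# they come from (Get-ClientAccessService).AutoDiscoverServiceInternalUri and the
# InternalUrl / ExternalUrl of Get-OwaVirtualDirectory, Get-WebServicesVirtualDirectory, etc.
$clientUrls = [ordered]@{
    'Autodiscover SCP' = 'https://exch2016.domain.local/Autodiscover/Autodiscover.xml'
    'Autodiscover DNS' = 'https://autodiscover.domain.com/Autodiscover/Autodiscover.xml'
    'OWA external'     = 'https://mail.domain.com/owa'
    'EWS internal'     = 'https://exch2016.corp.domain.com/EWS/Exchange.asmx'
}

$report = foreach ($entry in $clientUrls.GetEnumerator()) {
    $hostName = ([Uri]$entry.Value).Host
    [pscustomobject]@{
        Setting = $entry.Key
        Host    = $hostName
        Covered = Test-CertNameMatch -HostName $hostName -CertNames $certNames
    }
}
$report | Format-Table -AutoSize
```

With these sample values, only `autodiscover.domain.com` and `mail.domain.com` are covered; the `.local` name and the two-label `exch2016.corp.domain.com` are not, and any client sent to an uncovered host gets the name-mismatch warning.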