Damian Gardner
asked on
Need help adding an FQDN to a security certificate.
Need help identifying WHICH certificate is causing the Outlook certificate error "Name on the security certificate is invalid or does not match the name of the site" - and then how to add our Exchange server's FQDN to it, so it's no longer invalid.
So the name that is causing the error in Outlook is specifying the FQDN of our Exchange server, which is "exchange.lacoinc1.local" - that's what is named at the top of the certificate error. So where is the certificate that I need to add this FQDN to?
I read that the fix is the following:
"•Add the domain.com to your Public Facing Website’s certificate. That way, Outlook makes a successful connection to https://domain.com, determines it’s not Exchange, and will fallback to attempting autodiscover via https://autodiscover.domain.com. (Preferred Option for obvious secure reason)
Thank you!
You may be right, but the OP needs to confirm.
ASKER
Mahesh / Joseph - thank you for your help. Yes, we are still on the older Exchange 2010 (about to upgrade to Exchange Online in the next few months), and are in the process, as we speak, of upgrading Outlook 2010 clients to 2016. All the errors are happening in the old 2010 clients, however. I will read through the Sembee article, then add the steps Joseph has suggested, and reply back soon. Thank you!
My guess is you are using the default self-signed certificate that comes with Exchange. I am also assuming that you probably don't want to buy a third party certificate, or you probably didn't know you needed it.
So, assume not third-party SSL:
The other thing is that your certificates need to be at least SHA-2 compliant, otherwise modern browsers won't connect; I also suspect the latest versions of Outlook won't either. So, your CA should issue at least SHA-2 too.
Your client access URLs and Autodiscover internal URI can be configured/should be configured with the external email domain name, which should be the same as the accepted domain.
Follow the above and all your SSL errors should disappear.
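An added example, not code from any poster in this thread: a small Python check that compares the hostnames in the URLs Exchange hands to Outlook against the DNS names on the certificate, which is the comparison behind the "name does not match" error. Only `exchange.lacoinc1.local` comes from the question; `mail.example.com`, `autodiscover.example.com`, the setting values and the URL paths are constructed assumptions, and the wildcard handling goes slightly beyond the case discussed here.

```python
from urllib.parse import urlsplit

# Constructed sample, in the dict shape returned by ssl.SSLSocket.getpeercert().
SAMPLE_CERT = {
    "subject": ((("commonName", "mail.example.com"),),),
    "subjectAltName": (("DNS", "mail.example.com"),
                       ("DNS", "autodiscover.example.com")),
}

# Constructed URL values; only the .local hostname is taken from the question.
SAMPLE_URLS = {
    "AutoDiscoverServiceInternalUri":
        "https://exchange.lacoinc1.local/Autodiscover/Autodiscover.xml",
    "EWS InternalUrl": "https://exchange.lacoinc1.local/EWS/Exchange.asmx",
    "OAB InternalUrl": "https://mail.example.com/OAB",
}


def cert_dns_names(cert):
    """Return the DNS names a client will accept for this certificate."""
    sans = [v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans  # RFC 6125: with dNSName SANs present, the CN is not used
    return [v.lower() for rdn in cert.get("subject", ())
            for k, v in rdn if k == "commonName"]


def name_matches(pattern, host):
    """Case-insensitive match; '*' may only be the entire left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def mismatched_urls(cert, urls):
    """Map each setting whose host the certificate does not cover to that host."""
    names = cert_dns_names(cert)
    return {setting: urlsplit(url).hostname for setting, url in urls.items()
            if not any(name_matches(n, urlsplit(url).hostname) for n in names)}


if __name__ == "__main__":
    for setting, host in mismatched_urls(SAMPLE_CERT, SAMPLE_URLS).items():
        print(f"{setting}: {host} is not a name on the certificate")
```

Every setting it reports needs either its URL changed to a name the certificate already carries, or a certificate reissued with that name included.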