asked on Why cert error for this ms outlook?
This is using MS Exchange Server 2016. This exchange server is hosting few email domains, such as, abc.com, def.com, and ghi.com. A user has her ms outlook setup with shirley@abc.com, shirleym@def.com, and shirley.mun@ghi.com was greeted with the following cert warning,
Note: the autodiscover is autodiscover.def.com
We pressed the "view Certificate...", both the CA and exchange certs are valid, not exclamation mark. As for the "mx" and "autodiscover" hosts, all these already listed in the certificate.
In MS outlook, we found that when highlighting "shirleym@def.com", a "disconnect from exchange" was found on the task bar. Other 2 is without problem.
What is missing from the settings? and how to solve the problem?
Thanks,
OutlookExchange
Last Comment
David Favor
If I had a quid for every time :)...........
The name of the security certificate is invalid or does not match the name of the site
</P>
The name of the security certificate is invalid or does not match the name of the site
</P>
ASKER CERTIFIED SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
What you'll get, from the above command, is output like this...
So you'll see the expiration date, along with each property covered... which in this specific case is a wildcard cert covering all hosts for this domain, along with the bare domain.
# echo QUIT | openssl s_client -connect davidfavor.com:443 2>&1 | openssl x509 -noout -text | egrep -e DNS: -e "Not After"
Not After : Dec 18 20:06:44 2021 GMT
DNS:*.davidfavor.com, DNS:davidfavor.com
So you'll see the expiration date, along with each property covered... which in this specific case is a wildcard cert covering all hosts for this domain, along with the bare domain.
ASKER
Hi all,
Please give me some time to go through your suggested steps
Please give me some time to go through your suggested steps
ASKER
Hi Pete Long,
Thanks for sharing the various URL settings for internal and external. However, think the server side is working fine. The problem should be only on this user desktop.
Thanks for sharing the various URL settings for internal and external. However, think the server side is working fine. The problem should be only on this user desktop.
There's still a server side problem...
So what appears to be happening.
1) Your wildcard cert covering *.def.com (all hosts) is correct.
2) Your HTTPS config for autodiscover.def.com is incorrect.
Fix: Is to add an HTTPS stanza to cover the autodiscover host.
# This is correct, although best avoid CloudFlare at all costs, if stable tech is your goal...
net15 # echo QUIT | openssl s_client -connect def.com:443 2>&1 | openssl x509 -noout -text | egrep -e DNS: -e "Not After"
Not After : Nov 15 23:59:59 2022 GMT
DNS:sni.cloudflaressl.com, DNS:*.def.com, DNS:def.com
# This is incorrect, so no lookup for the autodiscover host will ever work...
net15 # echo QUIT | openssl s_client -connect autodiscover.def.com:443 2>&1 | openssl x509 -noout -text | egrep -e DNS: -e "Not After"
unable to load certificate
140332014576960:error:0909006C:PEM routines:get_name:no start line:../crypto/pem/pem_lib.c:745:Expecting: TRUSTED CERTIFICATE
So what appears to be happening.
1) Your wildcard cert covering *.def.com (all hosts) is correct.
2) Your HTTPS config for autodiscover.def.com is incorrect.
Fix: Is to add an HTTPS stanza to cover the autodiscover host.
Note that the name Autodiscover is only used for configuration, Another name has been configured in Exchange to access the data.
Have you configured a CNAME for Autodiscover in all domains (abc.com, def,com, ghi.com and Proseware.com) defined in the local DNS ?