Announcement

Collapse
No announcement yet.

Exchange certificate

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Exchange certificate

    Hi all,

    We have one SSL cert which we use for Outlook Webaccess. The URL on the cert is webmail.mydomain.com.

    Each time i start Outlook i get an security warning informing me that the name on the security certificate is invalid or does not match the name of the site. I know this is an issue if you change the self cert created by Exchange for a 3rd party certificate.

    When i point to the outlook icon in the system tray, right click and hold ctrl down and Test E-mail Configuration, i can see it's the OOF URL and the Availability Service URL that have the incorrect URL. Could i just change these URL's to point to the name on certificate to get rid of the error when i start Outlook?

    Matt

  • #2
    Re: Exchange certificate

    Sorry i should also point out that our CAS and HT server are on the same server. When i run the test email config in Outlook, it references the following:

    Availability Service URL: https://servername.mydomain.com/EWS/Exchange.asmx

    The OOF is the same as above.

    I recently had an issue whereby the OAB for Outlook 2007 wouldn't work as the company who set up our Exchange had set the URL to a random URL for some reason. Once i change this to the URL of the cert, the OAB worked like a charm.

    Comment


    • #3
      Re: Exchange certificate

      The best way to resolve this is to purchase a commercial SAN/UC certificate with the required URLs in it. Outlook attempts to connect to some predefined URLs, including autodiscover.example.com. While it is possible to work around that, your external DNS provider must support SRV records, which many do not.

      I have outlined what you need to do on my blog here:
      http://blog.sembee.co.uk/archive/2008/05/30/78.aspx

      The required SSL certificate is US$60/year.

      Simon.
      --
      Simon Butler
      Exchange MVP

      Blog: http://blog.sembee.co.uk/
      More Exchange Content: http://exchange.sembee.info/
      Exchange Resources List: http://exbpa.com/
      In the UK? Hire me: http://www.sembee.co.uk/

      Sembee is a registered trademark, used here with permission.

      Comment


      • #4
        Re: Exchange certificate

        yes you are right. If you certificate doesnot contain the name using which the url is set then you are bound to get certificate prompt in outlook...Checkout this KB http://support.microsoft.com/kb/940726

        Change the EWS url as per certificate name then everything should be fine...

        I am assuming you are using single name certificate...
        ________
        DEMON
        Last edited by Dks; 13th March 2011, 00:12.
        Rgds,

        Dks
        MCP E2K3 & MCITP E2K7
        MCITP Enterprise Win2k8

        Comment


        • #5
          Re: Exchange certificate

          Yeah, we have a single name cert. So changing the name of the EWS will fix it??

          Another question: I'm in the middle of writing a DR doc for the recovery of exchange 2007. We have one server that has the HT and CAS roles. If i wanted to recover these roles, i'd have to use the/DoNotStartTransport switch to enable me to recreate my receive connector. Do i also need to re-import the cert? I take it isn't recovered as part of the /recoverserver switch.

          Matt

          Comment


          • #6
            Re: Exchange certificate

            Yes the name on the certificate should match with the Urls being set on the CAS server. So set the EWS url.

            If you are using a internal or 3rd party certificate then we need to re-import the certificate on the server.

            Hope this answer your queries.
            ________
            Payment protection insurance forum
            Last edited by Dks; 13th March 2011, 00:12.
            Rgds,

            Dks
            MCP E2K3 & MCITP E2K7
            MCITP Enterprise Win2k8

            Comment


            • #7
              Re: Exchange certificate

              Hi,

              Yeah, that's answered my query!

              Thanks
              matt

              Comment


              • #8
                Re: Exchange certificate

                Hi,

                I used godaddy for mine, there are many companies out there that can provide them.

                http://www.godaddy.com/gdshop/ssl/ss...dplink&ci=9039

                The certificate which was used is actually;

                Multiple Domain (UCC)

                This covers my webmail.domain.co.uk as well as my internal and some other stuff, can hold up to 5 domains, anything else is extra.

                It was relatively easy to install too.

                Thanks,

                G.

                Comment


                • #9
                  Re: Whose Dog Was the Smartest

                  Do not feed the trolls
                  Tom Jones
                  MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
                  PhD, MSc, FIAP, MIITT
                  IT Trainer / Consultant
                  Ossian Ltd
                  Scotland

                  ** Remember to give credit where credit is due and leave reputation points where appropriate **

                  Comment

                  Working...
                  X