Announcement

Collapse
No announcement yet.

Certificate

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Certificate

    Hi,
    I have exchange 2003 in my organization.
    Recently, i've installed exchange 2007 in addition to the 2003.

    I've moved the users' mailboxes from the old server to the new 2007 server.

    I've exposed the server to the internet using fixed IP and FQDN (mail-srv.mycompany.com)

    also, i've issued certificate (via GoDaddy) so users with Nokia phones will be
    able to receive mails using MFE (mail for exchange).

    Now, the problem is since i've issued the certificate the internal users in my company are getting certificate error (see screenshot attached), though i've already installed the new certificate in the workstations using GPO.

    The certificate error occurs when users launch their outlook 2007 (Outlook.jpg) and when i want to configure a new profile for outlook 2007 (Configuring mailbox.jpg)
    Attached Files
    Regards,

    IK.
    MCSE Win2k3


  • #2
    Re: Certificate

    You will need to configure the internal/external site names on the CAS server to match the name on the certificate for the errors to disappear:

    See this article:
    http://www.amset.info/exchange/singlenamessl.asp

    Comment


    • #3
      Re: Certificate

      OK thanks.
      I'll try this out and update.
      Regards,

      IK.
      MCSE Win2k3

      Comment


      • #4
        Re: Certificate

        Follow Kb:-http://support.microsoft.com/kb/940726
        ________
        Buy Easy Vape
        Last edited by Dks; 13th March 2011, 00:22.
        Rgds,

        Dks
        MCP E2K3 & MCITP E2K7
        MCITP Enterprise Win2k8

        Comment


        • #5
          Re: Certificate

          Thanks pjhutch and Dks.
          My certificate was issued to "*.mydomain.com"

          Do I have to change add *.mydomain.local" to the certificate in order to remove that annoying error?
          Regards,

          IK.
          MCSE Win2k3

          Comment


          • #6
            Re: Certificate

            There is a workaround for it:-

            You need to have a forward lookup zone for mydomain.com in your interal DNS. if yes then create a Host A record for the CAS server name in this zone and pint it to the CAS local IP. After that you can change the URLS to this newly create A record on the CAS server.
            ________
            Sativa strains
            Last edited by Dks; 13th March 2011, 00:23.
            Rgds,

            Dks
            MCP E2K3 & MCITP E2K7
            MCITP Enterprise Win2k8

            Comment


            • #7
              Re: Certificate

              Your problem was using "*.mydomain.com"
              That is not the same as the SAN/UC certificate that you should have purchased. A SAN/UC certificate would allow you to have both example.com and the .local domain on the same certificate and avoid errors.

              Simon.
              --
              Simon Butler
              Exchange MVP

              Blog: http://blog.sembee.co.uk/
              More Exchange Content: http://exchange.sembee.info/
              Exchange Resources List: http://exbpa.com/
              In the UK? Hire me: http://www.sembee.co.uk/

              Sembee is a registered trademark, used here with permission.

              Comment


              • #8
                Re: Certificate

                Thank you Sembee.

                I'll create a new certificate.
                Regards,

                IK.
                MCSE Win2k3

                Comment

                Working...
                X