
Certificate Principal name incorrect for Exchange 2010


  • Certificate Principal name incorrect for Exchange 2010

    We recently installed an SSL cert for Exchange 2010. The certificate is installed correctly, but users are now getting this error message sometimes when they open Outlook:
    The name on the security certificate is invalid or does not match the name of the site. When I check using Test E-mail AutoConfiguration, the Certificate Principal Name shows the local name of the server rather than the SSL cert name for public access. It should read mail.mycompany.com. There are several PowerShell commands that I have checked, but I have not been able to resolve the issue.
    Any ideas?

  • #2
    You will need the certificate re-issued. Create a new request in Exchange, make sure the names are correct (principal name first, normally) then re-key the certificate and check the correct principal name shows up.
    Tom Jones
    MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
    PhD, MSc, FIAP, MIITT
    IT Trainer / Consultant
    Ossian Ltd
    Scotland

    ** Remember to give credit where credit is due and leave reputation points where appropriate **



    • #3
      Originally posted by Ossian
      You will need the certificate re-issued. Create a new request in Exchange, make sure the names are correct (principal name first, normally) then re-key the certificate and check the correct principal name shows up.
      Thanks for your response. So, there is no other way using PowerShell commands to fix the Certificate Principal Name other than to reissue the certificate?



      • #4
        The SSL certificate is issued to a specific name. You cannot change it afterwards because that would allow someone to change their certificate to match your bank (for example) and pass the SSL requests. If you want the common name changed, then a reissued SSL certificate will be required. You will not be able to get an internal-only name on the certificate either. External names only now, which will mean a change to your Exchange server and internal DNS. http://semb.ee/hostnames2010
        --
        Simon Butler
        Exchange MVP

        Blog: http://blog.sembee.co.uk/
        More Exchange Content: http://exchange.sembee.info/
        Exchange Resources List: http://exbpa.com/
        In the UK? Hire me: http://www.sembee.co.uk/

        Sembee is a registered trademark, used here with permission.
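
The name check behind the warning in the first post, as an added example that is not part of the thread: every host name a client is configured to use has to appear among the names on the issued certificate. The certificate names, the URLs and the server name EXCH01 are constructed sample values; the comments name the Exchange 2010 cmdlets that would supply the real ones.

```powershell
# Constructed sample values; the thread itself only gives mail.mycompany.com.
# On an Exchange 2010 server the real inputs would come from:
#   (Get-ExchangeCertificate -Thumbprint <thumbprint>).CertificateDomains
#   Get-ClientAccessServer | Select-Object Name, AutoDiscoverServiceInternalUri
$certNames = @('mail.mycompany.com', 'autodiscover.mycompany.com')
$configuredUrls = @(
    'https://EXCH01.mycompany.local/Autodiscover/Autodiscover.xml',  # hypothetical internal server name
    'https://mail.mycompany.com/EWS/Exchange.asmx'
)

function Test-CertNameMatch {
    param([string]$HostName, [string[]]$CertNames)
    foreach ($name in $CertNames) {
        # String -eq is case-insensitive in PowerShell, as DNS names are.
        if ($name -eq $HostName) { return $true }
        # A wildcard covers exactly one left-most label:
        # *.a.com matches x.a.com but not x.y.a.com or a.com.
        if ($name.StartsWith('*.')) {
            $suffix = $name.Substring(1)          # ".a.com"
            $dot = $HostName.IndexOf('.')
            if ($dot -gt 0 -and $HostName.Substring($dot) -eq $suffix) { return $true }
        }
    }
    return $false
}

# One row per configured URL; CoveredByCert = False marks a host name that
# will produce the "name on the security certificate is invalid" warning.
foreach ($url in $configuredUrls) {
    $hostName = ([System.Uri]$url).Host
    New-Object PSObject -Property @{
        Url           = $url
        Host          = $hostName
        CoveredByCert = (Test-CertNameMatch -HostName $hostName -CertNames $certNames)
    } | Select-Object Host, CoveredByCert, Url
}
```

A row with CoveredByCert = False is fixed either by changing that URL (and the DNS record behind it) to a name already on the certificate, or by having the certificate reissued with the missing name.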
