Announcement

Collapse
No announcement yet.

"The name of the security certificate is invalid or does not match the name of the si

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • "The name of the security certificate is invalid or does not match the name of the si

    Hi everyone,

    We just got done putting in new certificates for our Exchange (2007) server and everything is working fine except for a minor inconvenience. When a user starts Outlook (2007), they are presented with a security warning that says "The name of the security certificate is invalid or does not match the name of the site." I've looked into it and found the kb article 940726 to be the fix for it (I can't post links yet..)

    We already lost a day of work and 2 days of not being able to access our email externally so I don't want to botch this. I am pretty sure those instructions will help but I want to make sure I get it right. If someone would help me out on the syntax of the commands on the given KB article I would be very grateful. The part I am unsure of is what to replace CAS_Server_Name with in steps 2-5. I am assuming the https;//mail[dot]contoso[dot]com is replaced by our email sub domain.

  • #2
    Re: "The name of the security certificate is invalid or does not match the name of th

    What did you replace the certificates with?
    If you deployed SAN (aka UC or Multiple Name ) certificates with the correct names then you shouldn't have any problems. That article is really designed for people who haven't deployed the correct kind of certificate. If it is a new certificate then that would indicate you have put the wrong certificate or the wrong names on it.

    CAS Server name is the name of the Exchange server holding the certificate.
    The URL mentioned matches the name on the SSL certificate.

    If you haven't deployed a multiple name certificate then you will also have to ensure that the name on the certificate resolves internally to the internal IP address of the server as well as externally.

    Simon.
    --
    Simon Butler
    Exchange MVP

    Blog: http://blog.sembee.co.uk/
    More Exchange Content: http://exchange.sembee.info/
    Exchange Resources List: http://exbpa.com/
    In the UK? Hire me: http://www.sembee.co.uk/

    Sembee is a registered trademark, used here with permission.

    Comment


    • #3
      Re: "The name of the security certificate is invalid or does not match the name of th

      We replaced the certificates with self-signed ones so at first we were experiencing issues with not being able to access our email externally. I had tech support fix what they broke and now we're able to resume everything as normal. So now I am assuming it isn't as easy to fix the security alert as I originally thought?

      Comment


      • #4
        Re: "The name of the security certificate is invalid or does not match the name of th

        If you replace the certificate with a commercial trusted UC (aka SAN or multiple name) certificate that has all of the relevant names in its list to match the names the users are connecting with, then you will not get certificate prompts.

        Simon.
        --
        Simon Butler
        Exchange MVP

        Blog: http://blog.sembee.co.uk/
        More Exchange Content: http://exchange.sembee.info/
        Exchange Resources List: http://exbpa.com/
        In the UK? Hire me: http://www.sembee.co.uk/

        Sembee is a registered trademark, used here with permission.

        Comment


        • #5
          Re: "The name of the security certificate is invalid or does not match the name of th

          It took long enough but I worked it out with Microsoft on getting this resolved. It came down to changing the name on the certificate so that it matches. The last thing we had to change was the rules on our firewall to allow connections to that machine.

          Comment

          Working...
          X