Announcement

Collapse
No announcement yet.

Certificate Error

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Certificate Error

    We recently setup a new Exchange 2010 and then we started moving users mailbox a few at a time. Everything worked well. Except when we have a new SSL Cert installed with a different name than the name of the server. I.e., our exchange sever name is exchangename.domain.local. We bought the Cert and registered as mail.domain.com. When we setup Outlook for user we get security alert about the site security certificate. An X on "security was issued by a company you have not chosen to trust. View the certificate to determine whether you want to trust the certifying authority." A check mark on "The security certificate date is valid" and on "The security certificate has a valid name." It happened once and after that Outlook is working fine. But users also has mobile phone (Android & iOS) can't be configured to check email. On the Android, it spitted an error "The certificate from the server is not validated. Do you want to disable verifying certificates for this account? (not recommended). Clicked on disable and it was successful but then it can't connect to the Exchange server.
    Is there any idea to resolve this issue?

  • #2
    Re: Certificate Error

    First - don't hijack old threads. I have moved your question to a new thread.

    Have you changed Exchange to use the new SSL certificate with the host name being correct?
    http://semb.ee/hostnames

    The fact that you are getting trust issues means either you aren't using a trusted certificate or you haven't enabled it correctly. Did you purchase a certificate?

    Simon.
    --
    Simon Butler
    Exchange MVP

    Blog: http://blog.sembee.co.uk/
    More Exchange Content: http://exchange.sembee.info/
    Exchange Resources List: http://exbpa.com/
    In the UK? Hire me: http://www.sembee.co.uk/

    Sembee is a registered trademark, used here with permission.

    Comment


    • #3
      Re: Certificate Error

      Oh thanks. We purchased the certificate that was issued to the exchange server name which is exchange_name.domain.local. But the registered DNS name is mail.domain.com and the certificate was installed to Exchange server under Personal\Certificates. Should it be under Personal\Trusted Root Certificates, no?

      By the way, your link is broken with error 403 - access denied.

      Comment


      • #4
        Re: Certificate Error

        You should have purchased a certificate for your public host name, not the private one. Ask your SSL provider if you can change it.
        Then once you have it, setup the server as per my link.

        Simon.
        --
        Simon Butler
        Exchange MVP

        Blog: http://blog.sembee.co.uk/
        More Exchange Content: http://exchange.sembee.info/
        Exchange Resources List: http://exbpa.com/
        In the UK? Hire me: http://www.sembee.co.uk/

        Sembee is a registered trademark, used here with permission.

        Comment


        • #5
          Re: Certificate Error

          Hi Simon,

          Okay now we purchased the certificate and installed on our Exchange server. But before we purchased and installed this certificate we got the security alert:

          a cross mark on the first line "The security certificate was issued by a company...."
          a check marks on the second "The security certificate date is valid"
          The third check mark on "The security certificate has a valid name."

          After we installed the purchased cert we got a cross mark on the third line this time and it keeps giving us the security alert every time we open Outlook.

          I can't setup corporate exchange email on iOS device like iPhone and Android 2.2x version.

          Thanks for your great help.

          BTW, your link is not working. Would love to check your documentation.

          Comment


          • #6
            Re: Certificate Error

            If you Google for "Exchange" and the error message you're getting, you will find that this is a very common problem. It occurs whenever someone installs an SSL certificate on an Exchange server without following the correct procedure.

            You're getting this error message because the server identifies itself to the clients using the internal server name, not the name used in the certificate. Changing this is trivial, and involves issuing a few PowerShell commands (3 at the most). I could list them here, but I'll just link to one of the articles returned by the Google search.

            As for checking the documentation, that would indeed be a great idea. One should preferably do that before attempting to install or configure something, particularly if one does not really know how it actually works.

            (By the way, changing the URLs to point to the external server name may actually cause internal clients to lose contact with the Exchange server altogether in some scenarios, depending on how your network is configured. There's an easy solution for that problem too; it involves creating a DNS zone on your internal DNS server.)
            Last edited by Ser Olmy; 22nd November 2013, 21:47.

            Comment


            • #7
              Re: Certificate Error

              I have just checked the link and it works fine.
              You need to setup a split DNS record so the external name resolves internally to the Exchange server, then have all internal and external URLs in Exchange use the external name.

              Simon.
              --
              Simon Butler
              Exchange MVP

              Blog: http://blog.sembee.co.uk/
              More Exchange Content: http://exchange.sembee.info/
              Exchange Resources List: http://exbpa.com/
              In the UK? Hire me: http://www.sembee.co.uk/

              Sembee is a registered trademark, used here with permission.

              Comment


              • #8
                Re: Certificate Error

                Thank you Ser Olmy and Sembee for you help. But Olmy: I like PowerShell command too. What about the GUI. My coworker may like that better. Is there a link that you may have that I can take a look at it?

                Thanks again guys!

                Comment

                Working...
                X