Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Chris Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Certificate Issue 1

Status
Not open for further replies.

TekSolutions

IS-IT--Management
Jul 15, 2011
71
I recently had to renew my SSL certificate.

Now every time I open Outlook I get a security alert. The alert reads:

autodiscover.mydomain.com

Information you exchange with this site cannot be viewed or changed by others. However, there is a problem with the sites security certificate.

[green check mark] The security certificate is from a trusted certifying authority

[green check mark] The security certificate date is valid

[RED X] The name of the security certificate is invalid or does not match the name of the site

Do you want to proceed?

Viewing the certificate verifies that it was issued to mail.mydomain.com which is correct.

I do have autodiscover set up. I did not have this problem until I renewed the certificate.

I have rekeyed the certificate so many times that it is getting old. When open the outlook web app everything is fine, I get no errors. I also get no errors on my phone or tablet. When I issued a new certificate with in exchange mail and autodiscover were in the list of Certificate Domains.

Any assistance would be greatly appreciated
 
Ok I am in a catch 22 here.

If I remove the cname as ShackDaddy suggests, I no longer get the error that I mention in my OP.

However without the cname, when attempting to set up a new account in Outlook 2010 I get a new error.

An encrypted connection to your mail server is not available
Click next to attempt using an encrypted connection
 
Get rid of both your internal and external Autodiscover CNAMES. Set up an external SRV record.

That error you are getting should only be seen the first time you set up a new profile, not at all after that.

When Outlook asks for authentication, use domain\username not username@domainname

Dave Shackelford
ThirdTier.net
TrainSignal.com
 
So despite what the message says the connection is encrypted?

Should I also create and SRV in private DNS as well?
 
The internal network uses whatever you have defined in the AutodiscoverServiceInternalURI setting, and that points to "mail.mydomain.com" so you are fine internally.

Were any of your workstations ever set up to connect to mailboxes at Office365? There's a known issue for systems that were to have that encryption error.

I think the connection for mail transmission is still encrypted, it was the initial transmission of autodiscover information during setup that wasn't.

Dave Shackelford
ThirdTier.net
TrainSignal.com
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top