Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Security Alert-outlook 2010 1

Status
Not open for further replies.
Encino40

Encino40

MIS
Apr 6, 2012
19
CA
I purchased a SSL cert and it works fine. My only issue is when you open Outlook 2010 I get a security Alert:
Encino-W2k8.mydomain.com
The security certificate is from a trusted certifying authority (Checked)

THe security Certificate date is valid (checked)

The name on the security certificate is invalid or does not match the name of the site (Red X).

WHen I did the cert I only did it for mail.mydomain.com
I can goto mail.mydomain.com and its fine. When I need to renew do I need a SAN cert that has the name of my server?

I can click Yes to proceed but just curious how to fix this so the error doesnt come up everytime outlook opens.
 
Sort by date Sort by votes
You purchased a single-name cert when technically you should have purchased a SAN cert. It's still possible to use a single-name cert, (SBS 2011 uses a single name cert with Exchange 2010) but it's more complicated to set up.

At this point you need to use powershell to change the Internal/ExternalURL values for the WebServicesVirtualDirectory and several other virtual directories (although the others can be set in the GUI--you may have already done so). That URLs all need to match your cert, but right now the internal URLs still match your internal server name.

You will also need to change the AutodiscoverURI seen when you do a Get-ClientAccessServer so that that URL matches the cert too.

Lastly, you'll want to create a new forward lookup zone in your internal DNS that matches the name on your cert. So if your domain is monkeybrains.com and your cert is poo.monkeybrains.com, then you will NOT create a new forward lookup zone for MonkeyBrains.com and add an A-record for "poo". Instead you will create a new forward lookup zone for "poo.monkeybrains.com" and then create a blank (or @) A-record that points to the internal IP of your mail server. That will allow the name on your cert to be resolved internally as well as externally without disrupting your users ability to reach other monkeybrains.com websites.

Cheers!

Dave Shackelford
ThirdTier.net
TrainSignal.com
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

T
  • Locked
  • Question
How to use third party mail security gateway to scan internal/inter-domain mails in Exchange On-Premise?
Replies
3
Views
1K
DrB0b
DrB0b
microsGuy16
  • Locked
  • Question
Global Address List Names not showing in Outlook OWA 365
Replies
0
Views
2K
microsGuy16
microsGuy16
dajohnso
  • Locked
  • Question
Outlook POP3 cant connect to exchange 2007
Replies
3
Views
126
BN75
BN75
ADB100
  • Locked
  • Question
Outlook 2016 thumbnail photos & OAB oddness
Replies
0
Views
75
ADB100
ADB100
Beni Santoso
  • Locked
  • Question
pop3 account setup failed at outlook because client was not authenticated to send anonymous mail
Replies
1
Views
106
DrB0b
DrB0b

Part and Inventory Search

Sponsor

Back
Top