Encino40 (MIS)
8 Apr 12 17:02
I purchased an SSL cert and it works fine. My only issue is that when you open Outlook 2010 I get a Security Alert:
Encino-W2k8.mydomain.com
The security certificate is from a trusted certifying authority (Checked)

The security certificate date is valid (checked)

The name on the security certificate is invalid or does not match the name of the site (Red X).

When I did the cert I only did it for mail.mydomain.com
I can go to mail.mydomain.com and it's fine. When I need to renew, do I need a SAN cert that has the name of my server?

I can click Yes to proceed, but I'm just curious how to fix this so the error doesn't come up every time Outlook opens.
 
Helpful Member!  ShackDaddy (MIS)
8 Apr 12 23:57
You purchased a single-name cert when technically you should have purchased a SAN cert. It's still possible to use a single-name cert (SBS 2011 uses a single-name cert with Exchange 2010), but it's more complicated to set up.

At this point you need to use PowerShell to change the Internal/ExternalURL values for the WebServicesVirtualDirectory and several other virtual directories (although the others can be set in the GUI--you may have already done so). Those URLs all need to match your cert, but right now the internal URLs still match your internal server name.

You will also need to change the AutodiscoverURI seen when you do a Get-ClientAccessServer so that that URL matches the cert too.

Lastly, you'll want to create a new forward lookup zone in your internal DNS that matches the name on your cert. So if your domain is monkeybrains.com and your cert is poo.monkeybrains.com, then you will NOT create a new forward lookup zone for MonkeyBrains.com and add an A-record for "poo". Instead you will create a new forward lookup zone for "poo.monkeybrains.com" and then create a blank (or @) A-record that points to the internal IP of your mail server. That will allow the name on your cert to be resolved internally as well as externally without disrupting your users' ability to reach other monkeybrains.com websites.

Cheers!

Dave Shackelford
ThirdTier.net
TrainSignal.com
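
The URL changes described in the reply above, as an added example for the Exchange Management Shell; it is not part of the thread. The server and certificate names come from the question. The choice of OAB, OWA, ECP and ActiveSync as the "other" virtual directories is an assumption, and the DNS zone step is done separately on the DNS server.

```powershell
# Added example (not from the thread). Run in the Exchange Management Shell.
$server   = 'Encino-W2k8'        # Client Access server, name taken from the question
$certName = 'mail.mydomain.com'  # the only name on the certificate
$base     = "https://$certName"

# 1. Autodiscover URI published to domain-joined Outlook clients.
Set-ClientAccessServer -Identity $server `
    -AutoDiscoverServiceInternalUri "$base/Autodiscover/Autodiscover.xml"

# 2. Web services (EWS), the directory the reply names explicitly.
Get-WebServicesVirtualDirectory -Server $server |
    Set-WebServicesVirtualDirectory -InternalUrl "$base/EWS/Exchange.asmx" `
                                    -ExternalUrl "$base/EWS/Exchange.asmx"

# 3. Assumption: these are the "other" directories the reply refers to.
Get-OabVirtualDirectory -Server $server |
    Set-OabVirtualDirectory -InternalUrl "$base/OAB" -ExternalUrl "$base/OAB"
Get-OwaVirtualDirectory -Server $server |
    Set-OwaVirtualDirectory -InternalUrl "$base/owa" -ExternalUrl "$base/owa"
Get-EcpVirtualDirectory -Server $server |
    Set-EcpVirtualDirectory -InternalUrl "$base/ecp" -ExternalUrl "$base/ecp"
Get-ActiveSyncVirtualDirectory -Server $server |
    Set-ActiveSyncVirtualDirectory -InternalUrl "$base/Microsoft-Server-ActiveSync" `
                                   -ExternalUrl "$base/Microsoft-Server-ActiveSync"

# 4. Audit: collect every published URL and flag any host that is not the cert name.
$urls  = @((Get-ClientAccessServer -Identity $server).AutoDiscoverServiceInternalUri)
$vdirs = @(Get-WebServicesVirtualDirectory -Server $server) +
         @(Get-OabVirtualDirectory -Server $server) +
         @(Get-OwaVirtualDirectory -Server $server) +
         @(Get-EcpVirtualDirectory -Server $server) +
         @(Get-ActiveSyncVirtualDirectory -Server $server)
foreach ($v in $vdirs) { $urls += $v.InternalUrl, $v.ExternalUrl }

# Unset URLs are skipped; the host comparison is case-insensitive.
$mismatch = $urls | Where-Object { $_ } |
    Where-Object { ([Uri]$_.ToString()).Host -ne $certName }

if ($mismatch) {
    "URLs whose host is not ${certName}:"
    $mismatch
} else {
    "All published URLs use $certName"
}
```

Any URL the audit still lists is one that will hand Outlook a host name the certificate does not cover.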

ShackDaddy (MIS)
9 Apr 12 0:57
BTW, this page gives you a walkthrough of some of what I'm describing: http://cohesivelogic.com/2011/01/exchange-2010-single-name-ssl-certificates/

Dave Shackelford
ThirdTier.net
TrainSignal.com
