INTELLIGENT WORK FORUMS
FOR COMPUTER PROFESSIONALS

Log In

Come Join Us!

Are you a
Computer / IT professional?
Join Tek-Tips Forums!
  • Talk With Other Members
  • Be Notified Of Responses
    To Your Posts
  • Keyword Search
  • One-Click Access To Your
    Favorite Forums
  • Automated Signatures
    On Your Posts
  • Best Of All, It's Free!

*Tek-Tips's functionality depends on members receiving e-mail. By joining you are opting in to receive e-mail.

Posting Guidelines

Promoting, selling, recruiting, coursework and thesis posting is forbidden.

Jobs

New sha256RSA certificate causing Outlook security popups

New sha256RSA certificate causing Outlook security popups

(OP)
The sha1RSA certificate for our Exchange 2010 server was revoked by our Certificate Authority (GeoTrust) last week, apparently because all sha1 certificates have been deprecated. This blocked users from getting to Outlook Web Access on most browsers.

We were able to get a new certificate, but it does not have any SANs, and our Outlook clients connect to a SAN address xxx.xxx.lan (x's used here for security, but they have server names on them). I've updated all of our Exchange urls to point to mail.yyy.com, which is what our new certificate is for. I followed the tips here: http://serverfault.com/questions/690331/outlook-ss...

Now, every time a client computer opens Outlook, a Security Alert pops up with "The name on the security certificate is invalid or does not match the name of the site. Do you want to proceed?" You can click Yes and it will work, but this is obviously a nuisance.

Does anyone know what I can do to fix this? I've tried talking to the GeoTrust tech support team, but they said that they do not provide Exchange support.

Thanks!

- J. J.

RE: New sha256RSA certificate causing Outlook security popups

It sounds like you missed one. The most common one to miss is this one:

Set-ClientAccessServer -Identity "LocalServer" -AutodiscoverServiceInternalUri "https://mail.company.com/Autodiscover/Autodiscover..."

That controls autodiscover and will definitely throw a popup if it's using the old .lan name.

Dave Shackelford
ThirdTier.net

Red Flag This Post

Please let us know here why this post is inappropriate. Reasons such as off-topic, duplicates, flames, illegal, vulgar, or students posting their homework.

Red Flag Submitted

Thank you for helping keep Tek-Tips Forums free from inappropriate posts.
The Tek-Tips staff will check this out and take appropriate action.

Reply To This Thread

Posting in the Tek-Tips forums is a member-only feature.

Click Here to join Tek-Tips and talk with other members!

Resources

Close Box

Join Tek-Tips® Today!

Join your peers on the Internet's largest technical computer professional community.
It's easy to join and it's free.

Here's Why Members Love Tek-Tips Forums:

Register now while it's still free!

Already a member? Close this window and log in.

Join Us             Close