• Twitter
  • FaceBook

Exchange Server Forums

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Certificate Warning from Outlook 2007

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [Microsoft Exchange 2007] >> Management >> Certificate Warning from Outlook 2007 Page: [1]
Message << Older Topic   Newer Topic >>
Certificate Warning from Outlook 2007 - 24.Apr.2007 10:31:59 AM   


Posts: 49
Joined: 11.Oct.2006
Status: offline
I am having users with my internal network.  My users are getting errors that the certificate from the exchange 2007 server is incorrect when using outlook 2007.

I know that the error is VALID, I just want to turn this pop up message off! I had to set the certificate on the exchange server to match the website which is not the same internally hence the problem.

Could someone please help?
Post #: 1
RE: Certificate Warning from Outlook 2007 - 26.Apr.2007 2:11:23 AM   
Henrik Walther


Posts: 6928
Joined: 21.Nov.2002
From: Copenhagen, Denmark
Status: offline
You got two options:

  • Buy yourself a SAN certificate (pricing around 600$), which supports subject alternative names
  • Create additional web sites for the Autodiscover and EAS/OWA/Outlook Anywhere, then keep the self-signed cert on the default web site.


Henrik Walther
Lead Moderator/author

Follow me on Twitter!

(in reply to bozard)
Post #: 2
RE: Certificate Warning from Outlook 2007 - 21.Jun.2007 3:29:11 AM   


Posts: 4
Joined: 21.Jun.2007
Status: offline
I've had this same problem, so I created addtional websites and kept the self-signed cert for those, following these instructions: http://www.sembee.co.uk/archive/2007/01/21/34.aspx

This fixed the problem for most users, but there are still some computers on the network that are getting the certificate error, no matter which user logs in to use outlook, which means its more than likely a computer issue.

Anyone have any suggestions?

(in reply to Henrik Walther)
Post #: 3
RE: Certificate Warning from Outlook 2007 - 22.Jun.2007 10:27:28 PM   


Posts: 4
Joined: 21.Jun.2007
Status: offline
I investigated this issue a little further and since I have two IPs setup on my mail server ( - for internal mail,, for external mail with SSL) some computers are using the IP for exchange mail, thus getting the SSL popup, can I limit which IP outlook 2007 uses for internal exchange mail?

(in reply to mantrl)
Post #: 4
RE: Certificate Warning from Outlook 2007 - 23.Jun.2007 3:29:48 AM   


Posts: 423
Joined: 24.Feb.2003
From: India
Status: offline
Set your External and Internal names of the cas server to the "name" designated on the certificate. This is a classical example where you generate a certificate and etc etc etc...
Assuming that you have generated a server certificate for the external interface ( webmail.abc.com for example), then you'd need to do the following.
Set-ClientAccessServer –AutodiscoverServiceInternalUri  https://webmail.abc.com/autodiscover/autodiscover.xml
Set-WebServicesVirtualDirectory –InternalUrl https://webmail.abc.com/ews/exchange.asmx
Set-OabVirtualDirectory –InternalUrl https://webmail.abc.com/oab


(in reply to mantrl)
Post #: 5
RE: Certificate Warning from Outlook 2007 - 5.Jul.2007 5:45:25 PM   


Posts: 4
Joined: 8.Jan.2007
Status: offline
I had tried all of the steps found on the links in the this thread, but finally figured it out with this Technet article:

Configuring Exchange to Use an SSL Certificate with Redirection

To configure your Outlook Anywhere deployment to use an SSL certificate with redirection, you must do the following:
  1. Configure a valid SSL certificate   You must obtain a valid SSL certificate from a certification authority (CA) that is trusted by the client computer's operating system. For more information about how to use SSL for Exchange 2007 client access, see Managing SSL for a Client Access Server. After you acquire a valid SSL certificate, apply the certificate to the default Web site of your Client Access server.
  2. Configure the URLs for Exchange services   You must configure the external and internal URLs for your available Exchange services to point to the default Web site, for example, mail.contoso.com. For more information about how to set the URLs for the Exchange services, see How to Configure Exchange Services for the Autodiscover Service.
  3. Configure the service connection point object   You must configure the service connection point (SCP) object to use a site dedicated to handling e-mail, for example, mail.contoso.com. You do this by running the following command:

    Copy Code
    Set-ClientAccessServer -id <CAS01> -AutoDiscoverServiceInternalUri https://mail.contoso.com/autodiscover/autodiscover.xml
  4. Configure the IP address for the default Web site   You must set the default Web site to listen on only one IP address. After you have done this, bind an additional IP address to the network adapter, also known as a NIC, for the Client Access server.
  5. Create a new Web site in IIS   Use Internet Information Services (IIS) to create a new Web site. Create a new folder named Autodiscover_redirect in the file system under C:\Inetpub.


    You must allow Read and Anonymous access to the Web site that you create.
  6. Create the Autodiscover redirect   Use Windows Explorer to locate the folder that you created named Autodiscover_redirect. Create a new folder named Autodiscover in the Autodiscover redirect folder, and then use a text editor to create a new blank text file that has the name Autodiscover.xml in the Autodiscover folder.
  7. Configure the new Web site   You must configure the new Web site that you created to redirect to the site that is dedicated to handling e-mail, for example, mail.contoso.com. In IIS Manager, right-click the Autodiscover.xml file that you created, and then click Properties. On the Properties page, select A redirection to a URL, and then enter the same information that you used to configure the SCP object. For example, https://mail.contoso.com/autodiscover/autodiscover.xml.
  8. Test your results   After you have completed all these steps, you must make sure that the site that you are using to handle e-mail, for example, mail.contoso.com, can be resolved internally and externally by using your Outlook 2007 client.

Hope this helps some people.

< Message edited by thomforeman -- 9.Jul.2007 4:41:46 PM >

(in reply to BeTaCam)
Post #: 6
RE: Certificate Warning from Outlook 2007 - 5.Jul.2007 6:16:48 PM   


Posts: 4
Joined: 8.Jan.2007
Status: offline
I spoke to soon. I still have the issue.

(in reply to thomforeman)
Post #: 7
RE: Certificate Warning from Outlook 2007 - 10.Jan.2008 4:50:24 PM   


Posts: 100
Joined: 6.Jul.2007
Status: offline
POP3 account settings ...i get this warning only in outlook 2007 but works fine with outlook 2003.
"The server you are connected to is using a security certificate that could
not be verified. the target principle name is incorrect." 
Do you want to continue using this server? y/n"

I always answer yes, Outlook retrieves my e-mail and everything works fine.
It does this every time I open Outlook.


MIDOOooo - Mohamed Talaat
Enterprise Support Engineer
Vodafone -Egypt.

(in reply to Henrik Walther)
Post #: 8

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [Microsoft Exchange 2007] >> Management >> Certificate Warning from Outlook 2007 Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts

Follow TechGenix on Twitter