Exchange Server Forums
Forums |
Register |
Login |
My Profile |
Inbox |
RSS 
|
My Subscription |
My Forums |
Address Book |
Member List |
Search |
FAQ |
Ticket List |
Log Out
Your certificate request was denied
|
Users viewing this topic:
none
|
Logged in as: Guest
|
Login  | |
|
Your certificate request was denied - 16.Oct.2008 6:00:13 AM
|
|
|
sjusq
Posts: 15
Joined: 7.Aug.2008
Status: offline
|
Hello All .
I have outlook anywhere authnitication problem , it's not connect using https , it's use TCP/IP instead , I think the problem exist on the exchange certificate name , am geting this error after configuring outlook anywhere .
"
There is a problem with the proxy server's security certificate , the name on the security certificate is invalid or does not match the name of the target ...
"
I tried to create new exchange self signed certificate , and when i request the certificate through web from our CA , when i click submit i recieve this error :
Your certificate request was denied.
Your Request Id is 0. The disposition message is "Error Parsing Request The request subject name is invalid or too long. 0x80094001 (-2146877439)".
even i type every possible DNS name in the subject name filed while am creating the certificate .
Any Help Please .
|
|
|
|
|
RE: Your certificate request was denied - 16.Oct.2008 9:54:45 AM
|
|
|
de.blackman
Posts: 3542
Joined: 4.Apr.2005
From: Toronto, Canada
Status: offline
|
I take it that you are attempting to connect to a mailbox from inside the LAN? What happens when you try to connect from outside the network? What is the internal name of the exchange server? Is this name on the certificate?
Check the properties of the Outlook profile. In the Exchange HTTP Settings page, do you have both "on fast networks, connect using...." and "on slow networks, connect using..." selected??
_____________________________
Ibrahim Benna - Microsoft Exchange MVP
Forum Moderator
Navantis
@IbrahimBenna
|
|
|
|
|
RE: Your certificate request was denied - 19.Oct.2008 3:31:14 AM
|
|
|
sjusq
Posts: 15
Joined: 7.Aug.2008
Status: offline
|
Dear de.blackman .
Thanks alot to reply .
yes I am trying to connect to a mailbox from inside my LAN , and basically i want to test from inside the LAN first , i dont try to test it externally .
CAS Server name is cas.mydomain.com , and I type all the possible names inside the self signed certificate including mail.mydomain.com , cas.mydomain.com , casServerName.mydomain.com , autodiscover.mydomain.com , NetBiosCasName .
Yes i did , i checked it to use HTTPS first in both cases ?
what do u think about the Sembee post ??????
Wait your reply .
Bye Bye
|
|
|
|
|
RE: Your certificate request was denied - 10.Nov.2008 1:21:22 PM
|
|
|
invitro
Posts: 27
Joined: 10.May2005
From: NYC
Status: offline
|
When I saw this thread I was pretty disheartened. I wanted to use our internal certificate authority to generate the Subject Alternative Name Web certificate. After maybe the 8th iteration of generating the requests I got it. Here was steps:
New-Exchangecertificate -domainname server01.acmeindustries.com,server01.acmeindustries.corp,server01 -Friendlyname acmeindustriesco -generaterequest:$true -keysize 1024 -path c:\Certificates\certrequest.req -privatekeyexportable:$true –subjectname "DC=acmeindustries, DC=com, CN=server01.acmeindustries.com"
Import-Exchangecertificate -path c:\Certificates\server01SAN.cer
Enable-Exchangecertificate -services IMAP,POP,UM,IIS,SMTP -thumbprint 8428594#####################3A9D
Set-ClientAccessServer -identity server01 -AutoDiscoverServiceInternalUri "https://server01/Autodiscover/Autodiscover.xml"
Set-WebServicesVirtualDirectory -identity "EWS (Default Web Site)" -InternalURL "https://server01/EWS/Exchange.asmx"
Set-OABVirtualDirectory -identity "OAB (Default Web Site)" -InternalURL "http://server01/OAB"
Set-UMVirtualDirectory -identity "UnifiedMessaging (Default Web Site)" -InternalURL "https://server01/UnifiedMessaging/Services.asmx"
|
|
|
|
|
RE: Your certificate request was denied - 10.Nov.2008 1:25:28 PM
|
|
|
Sembee
Posts: 4093
Joined: 17.Jan.2008
From: Somewhere near London, UK
Status: offline
|
quote:
ORIGINAL: invitro
When I saw this thread I was pretty disheartened. I wanted to use our internal certificate authority to generate the Subject Alternative Name Web certificate. After maybe the 8th iteration of generating the requests I got it. Here was steps:
New-Exchangecertificate -domainname server01.acmeindustries.com,server01.acmeindustries.corp,server01 -Friendlyname acmeindustriesco -generaterequest:$true -keysize 1024 -path c:\Certificates\certrequest.req -privatekeyexportable:$true –subjectname "DC=acmeindustries, DC=com, CN=server01.acmeindustries.com"
Import-Exchangecertificate -path c:\Certificates\server01SAN.cer
Enable-Exchangecertificate -services IMAP,POP,UM,IIS,SMTP -thumbprint 8428594#####################3A9D
Set-ClientAccessServer -identity server01 -AutoDiscoverServiceInternalUri "https://server01/Autodiscover/Autodiscover.xml"
Set-WebServicesVirtualDirectory -identity "EWS (Default Web Site)" -InternalURL "https://server01/EWS/Exchange.asmx"
Set-OABVirtualDirectory -identity "OAB (Default Web Site)" -InternalURL "http://server01/OAB"
Set-UMVirtualDirectory -identity "UnifiedMessaging (Default Web Site)" -InternalURL "https://server01/UnifiedMessaging/Services.asmx"
How long did you spend on that?
Is your time worth that little? SAN/UC certificates are US$60 a year. Sometimes you have to simply say enough and do it the correct way.
Unless the server is not exposed to the internet then using an internal CA is close to pointless, as you will get certificate prompts.
Simon.
_____________________________
Simon Butler,
Exchange MVP
Blog: http://blog.sembee.co.uk/
Web: http://www.amset.info/
In the UK? Hire me: http://www.sembee.co.uk/
Exchange Resources: http://exbpa.com/
|
|
|
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
 Locked w/ New Messages |
 Locked w/o New Messages |
|
 Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts |
|
Printable Version
