• RSS
  • Twitter
  • FaceBook

Exchange Server Forums

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Exchange 2007/Outlook 2007 SSL Certificate Problem

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [Microsoft Exchange 2007] >> General >> Exchange 2007/Outlook 2007 SSL Certificate Problem Page: [1]
Login
Message << Older Topic   Newer Topic >>
Exchange 2007/Outlook 2007 SSL Certificate Problem - 16.Nov.2007 8:48:42 AM   
maxxfusion

 

Posts: 11
Joined: 21.Sep.2007
Status: offline
I setup Exchange 2007 on my server. The domain is nohc.local. I created a certificate  in the name nohmail.nohc.com since that is how I will be accessing OWA.

However, when I open Outlook  2007 I get a certificate error since the name of the server (nohmail.nohc.local) doesn't match the name on the certificate (nohmail.nohc.com).

How do I resolve this or prevent Outlook from displaying this message? 
Post #: 1
RE: Exchange 2007/Outlook 2007 SSL Certificate Problem - 16.Nov.2007 8:58:48 AM   
rishishah

 

Posts: 784
Joined: 14.Nov.2006
From: Surrey, UK
Status: offline
Assuming that your certificate's CA is trusted by your clients in the first place and it is just the name of the cert that is causing the error...

Try this... so that Outlook 2007 inside your orrganisation does not compliant setup a Forward lookup zone in your AD DNS with the name nohc.com and create an host hame nohmail in there with the IP Addresses of the Exchange Server.




_____________________________

Rishi Shah, MCP

Remember to backup before applying the advice. www.saiconsult.co.uk. Happy to provide Professional Exchange Server Consultancy to anywhere in the world.

(in reply to maxxfusion)
Post #: 2
RE: Exchange 2007/Outlook 2007 SSL Certificate Problem - 16.Nov.2007 9:02:25 AM   
maxxfusion

 

Posts: 11
Joined: 21.Sep.2007
Status: offline
I already have this setup in my dns.

Yes it is only complaining about the name.

(in reply to rishishah)
Post #: 3
RE: Exchange 2007/Outlook 2007 SSL Certificate Problem - 16.Nov.2007 9:06:23 AM   
rishishah

 

Posts: 784
Joined: 14.Nov.2006
From: Surrey, UK
Status: offline
are you sure that Outlook is not talking about the autodiscover.*.* certificate incompatability 



_____________________________

Rishi Shah, MCP

Remember to backup before applying the advice. www.saiconsult.co.uk. Happy to provide Professional Exchange Server Consultancy to anywhere in the world.

(in reply to maxxfusion)
Post #: 4
RE: Exchange 2007/Outlook 2007 SSL Certificate Problem - 16.Nov.2007 9:15:43 AM   
maxxfusion

 

Posts: 11
Joined: 21.Sep.2007
Status: offline
No.  Here is a screen shot.


(in reply to rishishah)
Post #: 5
RE: Exchange 2007/Outlook 2007 SSL Certificate Problem - 16.Nov.2007 9:21:00 AM   
maxxfusion

 

Posts: 11
Joined: 21.Sep.2007
Status: offline
Just found this MS Article. 940726

Warning message when you start Outlook 2007 and then connect to a mailbox that is hosted on an Exchange 2007-based server: "The name of the security certificate is invalid or does not match the name of the site"

(in reply to maxxfusion)
Post #: 6
RE: Exchange 2007/Outlook 2007 SSL Certificate Problem - 16.Nov.2007 9:52:14 AM   
rishishah

 

Posts: 784
Joined: 14.Nov.2006
From: Surrey, UK
Status: offline
check your offline address book distribution url in the EWS.

_____________________________

Rishi Shah, MCP

Remember to backup before applying the advice. www.saiconsult.co.uk. Happy to provide Professional Exchange Server Consultancy to anywhere in the world.

(in reply to maxxfusion)
Post #: 7
RE: Exchange 2007/Outlook 2007 SSL Certificate Problem - 16.Nov.2007 9:54:01 AM   
rishishah

 

Posts: 784
Joined: 14.Nov.2006
From: Surrey, UK
Status: offline
Can you also copy and paste the Test E-mail AUtoconfiguration output for Outlook 2007 please?

_____________________________

Rishi Shah, MCP

Remember to backup before applying the advice. www.saiconsult.co.uk. Happy to provide Professional Exchange Server Consultancy to anywhere in the world.

(in reply to rishishah)
Post #: 8
RE: Exchange 2007/Outlook 2007 SSL Certificate Problem - 16.Nov.2007 12:48:39 PM   
John Weber

 

Posts: 1236
Joined: 20.Apr.2005
From: Portland, Oregon
Status: offline
Just had this issue at a client.
This is NOT my material...got it from shudnow.net - and it worked for me.

YMMV.

Outlook 2007 Certificate Error?
When importing a new certificate into Exchange 2007, you might encounter a certificate error in Outlook 2007. I have included a screenshot of the error I encountered today:

When you choose the View Certificate button, it brings up another window that shows you what certificate is in error. In this case, the certificate name is “mail.shudnow.net.”
So the million dollar question? Why the error?
Well, when we install a new certificate, there are a few tasks we want to do. Obviously, we install the certificate for a purpose. This purpose is till allow us to use Exchange services securely. So how do we enable Exchange to use these services? If you are planning to do a very simple configuration and do not care about external Autodiscover access, you do not need to use a Unified Communication Certificate. You can read more about these certificates in one of my other articles here.
So let’s say we have a simple regular common certificate. A certificate with a Common Name (CN) of mail.shudnow.net We install this certificate onto our Exchange box with its’ private key. In our case we were migrating so we did not have to request a certificate via IIS. We just exported it with its’ private key and imported onto the new box. We then assigned this certificate to IIS. Now I went to the Exchange Management Shell and enabled Exchange services to use this certificate. In order to do this, you must run the following commands:
Get-ExchangeCertificate
Thumbprint Services Subject
———- ——– ——-
BCF9F2C3D245E2588AB5895C37D8D914503D162E9 SIP.W CN=mail.shudnow.net.com
What I did was go ahead and enable all new services to use every available service by using the following command:
Enable-exchangecertificate -services IMAP, POP, UM, IIS, SMTP -Thumbprint BCF9F2C3D245E2588AB5895C37D8D914503D162E9
The next step would be to ensure the AutodiscoverInternalURI is pointed to the CAS that will be your primary CAS for Autodiscover servicing.
Get-ClientAccessServer -Identity CASServer | FL
AutoDiscoverServiceInternalUri : https://casnetbiosname/Autodiscover/Autodiscover.xml
See the issue here? We are not using a UC certificate that contains the names, “casnetbiosname, casnetbiosname.shudnow.net, mail.shudnow.net, and autodiscover.shudnow.net” Since the Autodiscover directory in IIS will be requring SSL encryption, the url specified in the AutoDiscoverServiceInternalURI must match what is specified in your certificate. You must also ensure there is a DNS record that allows mail.shudnow.net to resolve to your CAS. We should re-configure the AutoDiscoverServiceInternalURI by using the following command:
Set-ClientAccessServer -Identity CASServer -AutoDiscoverServiceInternalUri https://mail.shudnow.net/Autodiscover/Autodiscover.xml
We now need to go configure all the InternalURLs for each web distributed service. Here is the reason why we were receiving the certificate errors. Your InternalURLs most likely are not using mail.shudnow.net. Your InternalURLs are most likely pointed to something such as https://casnetbiosname/ServiceURL which will fail since this is not the CN of your simple certificate.
You can run the following commands to fix your internalURLs so your Outlook 2007 client can successfully take advantage of your web distribution services.
Set-WebServicesVirtualDirectory -Identity “CASServer\EWS (Default Web Site)” -InternalURL https://mail.shudnow.net/EWS/Exchange.asmx -BasicAuthentication:$true
Set-OABVirtualDirectory -Identity “CASServer\OAB (Default Web Site)” -InternalURL https://mail.shudnow.net/OAB -BasicAuthentication:$true
Enable-OutlookAnywhere -Server CASServer -ExternalHostname “mail.shudnow.net” -ExternalAuthenticationMethod “Basic”-SSLOffloading:$False
Set-ActiveSyncVirtualDirectory -Identity “CASServer\Microsoft-Server-ActiveSync (Default Web Site)” -ExternalURL https://mail.shudnow.net/Microsoft-Server-Activesync
Set-UMVirtualDirectory -Identity “CASServer\UnifiedMessaging (Default Web Site)” -InternalURL https://mail.shudnow.net/UnifiedMessaging -BasicAuthentication:$true

(in reply to maxxfusion)
Post #: 9
RE: Exchange 2007/Outlook 2007 SSL Certificate Problem - 13.Dec.2007 2:30:43 PM   
ewall

 

Posts: 22
Joined: 19.Jan.2007
From: Portland, Maine, USA
Status: offline
For future reference for those who find this thread via Google... the  solution explained at length in the above post from shudnow.net is the same as the "official" answer from the Microsoft Knowledge Base article (also linked above) at http://support.microsoft.com/kb/940726/en-us

< Message edited by ewall -- 13.Dec.2007 2:32:50 PM >


_____________________________

~ewall

(in reply to John Weber)
Post #: 10
RE: Exchange 2007/Outlook 2007 SSL Certificate Problem - 6.May2008 8:03:05 PM   
Elan Shudnow

 

Posts: 897
Joined: 4.Jan.2007
From: Chicago, IL
Status: offline
quote:

ORIGINAL: ewall

For future reference for those who find this thread via Google... the  solution explained at length in the above post from shudnow.net is the same as the "official" answer from the Microsoft Knowledge Base article (also linked above) at http://support.microsoft.com/kb/940726/en-us


I remember when I encountered this issue at my client and we tried so many things to resolve the error until the culprit dawned on me.  I tried to search forever trying to figure out the problem.  A few days after I created my blog entry they came out wiht that KB.  If only they had that KB the day I was working and resolved the issue!!!!

If MS would have had that KB up, I probably wouldn't have bothered creating the article.  Seems like a lot of people are running into the issue and I still have a lot of hits on the article because of it.  So I guess it's good that I still created it though.  As long as it helps people, I am happy.

_____________________________

Elan Shudnow
Exchange MVP
http://www.shudnow.net

(in reply to ewall)
Post #: 11
RE: Exchange 2007/Outlook 2007 SSL Certificate Problem - 7.Aug.2010 7:40:18 AM   
parisiscott

 

Posts: 15
Joined: 5.Aug.2010
Status: offline
This failure occur due a certificate mismatch that Outlook 2007 try to use to create a
secure channel between the client to the server. try following url to resolve dis prob
http://support.microsoft.com/kb/555842



Scott Parisi
http://www.exchange2003recovery.com/

(in reply to Elan Shudnow)
Post #: 12

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [Microsoft Exchange 2007] >> General >> Exchange 2007/Outlook 2007 SSL Certificate Problem Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts


Follow TechGenix on Twitter