• RSS
  • Twitter
  • FaceBook

Exchange Server Forums

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Solved:Exchange 2007 ssl certificate problem

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [Microsoft Exchange 2003] >> Installation >> Solved:Exchange 2007 ssl certificate problem Page: [1]
Login
Message << Older Topic   Newer Topic >>
Solved:Exchange 2007 ssl certificate problem - 23.Feb.2009 1:35:33 PM   
thomasb

 

Posts: 21
Joined: 23.Oct.2008
Status: offline
 Hi,

We have an windows 2008 server with Exchange 2007 SP1 installed.
I have setup outlook anywhere on this server, and got it to work on my cell phone and external clients with outlook 2007.

But now when the local client logons we get the error that the our certificate is wrong.
The name of the security certificate is invalid or does not match the name of the site

Before i installed the certificate on the server everything on the clients worked just fine. I have search high and low on internet for an solution, and as far as i can see everyone talking about changing external and internal FQDN

I have changed our internal address to the same as the external and i have included the external address in dns with an pointer to our local exhange server.

But still no luck.
The certificate is bought at godaddy.com (Does this have anything to say?)

I haven't installed anything on the clients, but i have tried to setup the client computer with outlook anywhere settings, but then i only got the logon box up.
And no matter what i typed in wouldn't log in.

Hopefully someone of you can help me with this issue?

And i apologize in advance if the answer is already on the forum, but hopefully someone of you will point me there :D

Regards,
Thomas Borge

< Message edited by thomasb -- 17.Mar.2009 2:13:05 PM >
Post #: 1
RE: Exchange 2007 ssl certificate problem - 23.Feb.2009 4:39:03 PM   
jveldh

 

Posts: 2335
Joined: 12.Apr.2008
From: The Netherlands
Status: offline
Thomas,

What kind of certificate have you bought a wildcard or a SAN ?
To make sure all internal and external url's are correct have a look at the following site:
http://www.exchangeninjas.com/set-allvdirs

This contains a script which let's you set all the virtual directories for Exchange to the one you specify.



_____________________________

Best regards,

Johan Veldhuis

Visit my Exchange blog

(in reply to thomasb)
Post #: 2
RE: Exchange 2007 ssl certificate problem - 23.Feb.2009 4:47:09 PM   
thomasb

 

Posts: 21
Joined: 23.Oct.2008
Status: offline
Thanks for fast reply, i have tried a little bit more since i came over an article about setting up outlook anywhere.
http://www.amset.info/exchange/singlenamessl.asp

After a little tweaking i got it to work on the clients.
But now i have another problem, i think it's just ports missing in the firewall.

We have some laptop clients that also travels out of office and they uses the outlook anywhere solution, but when they are in the office they is only getting the logon box when trying to connect to their email.

Outside the office everything works fine, and i have checked that all urls points to the external address.

Do you have any tips for me here? I will also read the article you added to see if i can find anything there.

Ps. I think it is an wildcard ssl i bought, can't say i saw it say anything (It cost 12$ year)

Regards
Thomas

(in reply to jveldh)
Post #: 3
RE: Exchange 2007 ssl certificate problem - 25.Feb.2009 1:58:30 AM   
anil.chopra

 

Posts: 26
Joined: 20.Feb.2009
Status: offline
Hi,
 
Could you mention the FQDN on the SSL along with the URL mentioned in the Exchange proxy setting on the outlook of the laptop users. If not allowed by the security policy of your organization then just mention that if the FQDN on the SSL matches the URL in the outlook, exchange proxy settings.
 
Please also check for the checkbox for the option 'on fast network connect using HTTP first, then connect using TCP/IP'. Ideally this option should be left as unchecked or roaming users so that when they are on LAN they should use TCP/IP (fast network) to connect to exchange.
 
Regards..Anil

_____________________________

Certified Information Systems Auditor
Certified Information Security Manager
ITIL v3 Foundation
Microsoft Certified Systems Engineer

(in reply to thomasb)
Post #: 4
RE: Exchange 2007 ssl certificate problem - 25.Feb.2009 5:45:09 AM   
thomasb

 

Posts: 21
Joined: 23.Oct.2008
Status: offline
Hi Anil,

I have checked that the FQDN is the same as on the SSL (webmail.domain.com)
The checkbox is also checked.

When outside the office everything works fine and it logs on, but not inside :(
I haven't changed any security policys.

I guess we have to change anything in our firewall, but is only the 443 port that outlook anywhere needs?
Do you have any other suggestions?

Thanks for your reply

Regards
Thomas Borge

(in reply to anil.chopra)
Post #: 5
RE: Exchange 2007 ssl certificate problem - 10.Mar.2009 3:30:25 PM   
David in Denmark

 

Posts: 1
Joined: 10.Mar.2009
Status: offline
Hi Thomas,

I was thinking that it might be the external authentication method chosen when enabling Outlook Anywhere. You can select Basic or NTLM authentication (if you support it). Choosing Basic authentication will require your users to enter their password every time they open Outlook, even in the office.

(in reply to thomasb)
Post #: 6
RE: Exchange 2007 ssl certificate problem - 10.Mar.2009 3:44:42 PM   
thomasb

 

Posts: 21
Joined: 23.Oct.2008
Status: offline
Hi David,

Thanks for your reply.

Yes the basic authentication i have figured out asks for an username and password each time you open the outlook.

I accomplished this after a lot of  reading around :D
But i haven't accomplished to use ntlm authentication in our system.
Then i only get the logon box everytime and no matter what i type in in the username and password box it only asks again and again :(

Can this be an firewall problem? Doesn't ntlm use the same ports as RPC?

Regards
Thomas Borge

(in reply to David in Denmark)
Post #: 7
RE: Exchange 2007 ssl certificate problem - 17.Mar.2009 2:12:29 PM   
thomasb

 

Posts: 21
Joined: 23.Oct.2008
Status: offline
Hi,

This issue is now fixed.
It seems that it was the firewall not allowing NTLM.
We changed to a new firewall now and then it worked, sow on he firewall we had we could only use basic authentication

For those wondering we had an Zyxel Zywall 5 UTM.

Thanks for all your help on this issue we had :D

Regards
Thomas

(in reply to thomasb)
Post #: 8

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [Microsoft Exchange 2003] >> Installation >> Solved:Exchange 2007 ssl certificate problem Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts


Follow TechGenix on Twitter