• RSS
  • Twitter
  • FaceBook

Exchange Server Forums

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

SSL problem in Outlook 2007.

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [Microsoft Exchange 2010] >> Installation >> SSL problem in Outlook 2007. Page: [1]
Login
Message << Older Topic   Newer Topic >>
SSL problem in Outlook 2007. - 18.Oct.2010 1:03:46 AM   
tlarrea

 

Posts: 4
Joined: 30.Jan.2006
Status: offline
I'm in the process of performing an upgrade from Exchange 2003 to Exchange 2010. I've installed hub,CAS and mailbox roles to a single virtual server, and edge transport to a 2nd virtual server. On the CAS i have installed our wildcard SSL cert for our external mail domain. I've gotten to the stage of moving mailboxes to the new server.

When accessing a mailbox that has been moved to the new server from and internal domain based Outlook 2007 client, I get a warning stating that the name on the certificate does not match the name of the site. This pops up twice in a row and if i click yes both times i can access outlook without further issues. Clicking more information shows that the certificate being used is our external public domain cert, but that the server name used to access is the internal private domain.

I did a little searching around and found http://support.microsoft.com/kb/940726/en-us but that did not resolve my problem. Looking at the certificates in Exchange Management Console, I can see that the public SSL cert is enabled only for the IIS service, and removing that service from the certificate resolves the problem, but presumably, the certificate is needed for OWA access?

Do I have to go the route of a Subject Alternate Name Cert, or is there another way to correct this?
Post #: 1
RE: SSL problem in Outlook 2007. - 18.Oct.2010 6:37:23 AM   
rishishah

 

Posts: 784
Joined: 14.Nov.2006
From: Surrey, UK
Status: offline
Sorry but you do need a SAN certificate.

You could go down the route of your own Microsoft CA and free certs if you wish.

_____________________________

Rishi Shah, MCP

Remember to backup before applying the advice. www.saiconsult.co.uk. Happy to provide Professional Exchange Server Consultancy to anywhere in the world.

(in reply to tlarrea)
Post #: 2
RE: SSL problem in Outlook 2007. - 18.Oct.2010 5:54:52 PM   
tlarrea

 

Posts: 4
Joined: 30.Jan.2006
Status: offline
quote:

ORIGINAL: rishishah

Sorry but you do need a SAN certificate.

You could go down the route of your own Microsoft CA and free certs if you wish.


I already have an MS CA on our network, but if I use that to generate the certificate when users access this from home/remotely, their machine will not accept the certificate as from a valid authority?

(in reply to rishishah)
Post #: 3
RE: SSL problem in Outlook 2007. - 19.Oct.2010 8:53:00 AM   
de.blackman

 

Posts: 3542
Joined: 4.Apr.2005
From: Toronto, Canada
Status: offline
Tlarrea,

you are correct in that using an internal certificate WILL not be trusted by users who will connect from their home machines. They will have to have the root certificate from your CA installed for it to work...hence the reason why rishishah (and I do as well!) strongly recommends using a publicly obtained SAN certificate. Entrust is a well-known trusted certificate provider and they charge about 450$ for a SAN certificate!

_____________________________

Ibrahim Benna - Microsoft Exchange MVP
Forum Moderator
Navantis
@IbrahimBenna

(in reply to tlarrea)
Post #: 4

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [Microsoft Exchange 2010] >> Installation >> SSL problem in Outlook 2007. Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts


Follow TechGenix on Twitter