SSL problem in Outlook 2007.

tlarrea -> SSL problem in Outlook 2007. (18.Oct.2010 1:03:46 AM)

I'm in the process of performing an upgrade from Exchange 2003 to Exchange 2010. I've installed hub, CAS and mailbox roles to a single virtual server, and edge transport to a 2nd virtual server. On the CAS I have installed our wildcard SSL cert for our external mail domain. I've gotten to the stage of moving mailboxes to the new server.

When accessing a mailbox that has been moved to the new server from an internal domain based Outlook 2007 client, I get a warning stating that the name on the certificate does not match the name of the site. This pops up twice in a row and if I click yes both times I can access Outlook without further issues. Clicking more information shows that the certificate being used is our external public domain cert, but that the server name used to access is the internal private domain.

I did a little searching around and found http://support.microsoft.com/kb/940726/en-us but that did not resolve my problem. Looking at the certificates in Exchange Management Console, I can see that the public SSL cert is enabled only for the IIS service, and removing that service from the certificate resolves the problem, but presumably, the certificate is needed for OWA access?

Do I have to go the route of a Subject Alternate Name Cert, or is there another way to correct this?




rishishah -> RE: SSL problem in Outlook 2007. (18.Oct.2010 6:37:23 AM)

Sorry but you do need a SAN certificate.

You could go down the route of your own Microsoft CA and free certs if you wish.




tlarrea -> RE: SSL problem in Outlook 2007. (18.Oct.2010 5:54:52 PM)

quote:

ORIGINAL: rishishah

Sorry but you do need a SAN certificate.

You could go down the route of your own Microsoft CA and free certs if you wish.


I already have an MS CA on our network, but if I use that to generate the certificate, when users access this from home/remotely, their machine will not accept the certificate as from a valid authority?




de.blackman -> RE: SSL problem in Outlook 2007. (19.Oct.2010 8:53:00 AM)

Tlarrea,

You are correct in that using an internal certificate WILL not be trusted by users who will connect from their home machines. They will have to have the root certificate from your CA installed for it to work... hence the reason why rishishah (and I do as well!) strongly recommends using a publicly obtained SAN certificate. Entrust is a well-known trusted certificate provider and they charge about $450 for a SAN certificate!
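Added illustration, not part of the original thread: a small Python model of the name check behind the warning discussed above, showing why a wildcard for the external domain cannot cover the internal server name while a SAN list can. All hostnames and certificate names are constructed placeholders, and the matcher is a simplified RFC 6125-style comparison, not Outlook's own code.

```python
# Added illustration; every hostname and certificate name here is constructed.

def name_matches(pattern: str, host: str) -> bool:
    """RFC 6125-style comparison: '*' may replace the leftmost label only."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False  # a wildcard never spans more than one label
    if p[0] == "*":
        # Need a real host label plus at least two fixed labels after the '*'.
        return len(p) >= 3 and h[0] != "" and p[1:] == h[1:]
    return p == h


def cert_covers(cert_names, host):
    """Return the first certificate name that covers host, or None."""
    return next((n for n in cert_names if name_matches(n, host)), None)


# Names carried by each certificate (constructed).
WILDCARD_CERT = ["*.example.com"]
SAN_CERT = ["mail.example.com", "autodiscover.example.com",
            "cas01.corp.example.local"]

# Name each client actually connects to (constructed).
CLIENT_HOSTS = {
    "OWA from the internet": "mail.example.com",
    "Outlook 2007 on the LAN": "cas01.corp.example.local",
}


def report(cert_names):
    """Map each client to the certificate name that matched, or None."""
    return {c: cert_covers(cert_names, h) for c, h in CLIENT_HOSTS.items()}


if __name__ == "__main__":
    for title, names in (("wildcard", WILDCARD_CERT), ("SAN", SAN_CERT)):
        print(title)
        for client, match in report(names).items():
            print(f"  {client}: {match or 'NAME MISMATCH WARNING'}")
```

Public CAs stopped issuing certificates for internal-only names such as `.local` after 2015, so on current systems an internal name in the SAN list implies a certificate from an internal CA.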



