Outlook 2007 Certificate Error after installing SSL certificate

After installing a new SSL certificate to replace the built-in Exchange Server 2007 certificate in order to enable and use RPC over HTTP, users get the following error:

“Name on the Security Certificate is Invalid or Does Not Match the Name on the Certificate”


This issue happens because internal clients (Outlook users) must be able to resolve the name on the certificate, which is different from the external name.

To fix the issue we have two options:

1. Buy a SAN certificate which has two names (internal and external).

2. Fix the issue by creating a new DNS zone and running a few commands from the Exchange shell which point Outlook users to the new zone.

I used option number two which took me 10 minutes to do.

Option 2

1. First, create a new DNS zone on your DNS server using the address configured in your commercial certificate, which is mail.domainname.com; therefore the new zone will be domainname.com.

2. Create a Host (A) record that points mail.yourdomain.com to your mail server's IP (192.168.100.10).

3. Log in to the Exchange server and run the 4 commands from the Exchange Shell (change the domain name):

Set-ClientAccessServer -Identity CAS_Server_Name -AutodiscoverServiceInternalUri https://mail.domain.com/autodiscover/autodiscover.xml

Set-WebServicesVirtualDirectory -Identity "CAS_Server_Name\EWS (Default Web Site)" -InternalUrl https://mail.domain.com/ews/exchange.asmx

Set-OABVirtualDirectory -Identity "CAS_Server_Name\oab (Default Web Site)" -InternalUrl https://mail.domain.com/oab

Set-UMVirtualDirectory -Identity "CAS_Server_Name\unifiedmessaging (Default Web Site)" -InternalUrl https://mail.domain.com/unifiedmessaging/service.asmx

 

After you run the commands, flush the DNS cache on the client PC and test.
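
To confirm the change, the following added example (not part of the original post) reads back the four internal URLs set in step 3 and checks whether the certificate served on each host matches the host name, which is the condition behind the Outlook warning. It assumes the Exchange Management Shell with PowerShell 2.0 or later; the function name Test-UrlCertificateName is hypothetical.

```powershell
# Added example, not from the original post. Run in the Exchange Management
# Shell after step 3. Assumes PowerShell 2.0 or later.
function Test-UrlCertificateName {
    param([Uri]$Url)
    $script:policyErrors = $null
    $script:subject = $null
    # Accept whatever certificate is served so the handshake completes and the
    # validation result can be recorded. Nothing is sent over the connection.
    $callback = [System.Net.Security.RemoteCertificateValidationCallback]{
        param($senderObj, $certificate, $chain, $sslPolicyErrors)
        $script:policyErrors = $sslPolicyErrors
        $script:subject = $certificate.Subject
        $true
    }
    $tcp = New-Object System.Net.Sockets.TcpClient
    try {
        $tcp.Connect($Url.Host, $Url.Port)
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $callback)
        $ssl.AuthenticateAsClient($Url.Host)   # validates against the URL's host name
        $ssl.Close()
    }
    catch {
        Write-Warning "$($Url.AbsoluteUri): $($_.Exception.Message)"
        return
    }
    finally { $tcp.Close() }

    $mismatch = [int][System.Net.Security.SslPolicyErrors]::RemoteCertificateNameMismatch
    New-Object PSObject -Property @{
        Url          = $Url.AbsoluteUri
        NameMatches  = (([int]$script:policyErrors -band $mismatch) -eq 0)
        PolicyErrors = $script:policyErrors
        Subject      = $script:subject
    }
}

# Read back the four internal URLs that step 3 sets.
$urls = @()
$urls += Get-ClientAccessServer | ForEach-Object { $_.AutoDiscoverServiceInternalUri }
$urls += Get-WebServicesVirtualDirectory | ForEach-Object { $_.InternalUrl }
$urls += Get-OabVirtualDirectory | ForEach-Object { $_.InternalUrl }
$urls += Get-UMVirtualDirectory | ForEach-Object { $_.InternalUrl }

$urls | Where-Object { $_ } |
    ForEach-Object { Test-UrlCertificateName "$_" } |
    Format-Table Url, NameMatches, PolicyErrors, Subject -AutoSize
```

A row with NameMatches set to False means that URL still points at a host name the certificate does not cover, so Outlook will keep showing the warning for that service.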
