After installing a new SSL certificate to replace the built-in Exchange Server 2007 certificate, in order to enable and use RPC over HTTP, users get the following error:
“Name on the Security Certificate is Invalid or Does Not Match the Name on the Certificate”
This happens because internal clients (Outlook users) connect with the server's internal name, which is different from the external name on the certificate. They must be able to resolve and use the name that is on the certificate.
To fix the issue we have two options:
1. Buy a SAN certificate which has two names (internal and external).
2. Create a new DNS zone and run a few commands from the Exchange shell which point Outlook users to the new zone.
I used option number two which took me 10 minutes to do.
First, create a new DNS zone on your DNS server for the address configured in your commercial certificate. If that address is mail.domainname.com, the new zone will be domainname.com.
Create a Host (A) record for mail.yourdomain.com that points to your mail server's IP (192.168.100.10).
Log in to the Exchange server and run the following 4 commands from the Exchange Shell (change the server name and domain name to your own):
Set-ClientAccessServer -Identity CAS_Server_Name -AutodiscoverServiceInternalUri https://mail.domain.com/autodiscover/autodiscover.xml
Set-WebServicesVirtualDirectory -Identity "CAS_Server_Name\EWS (Default Web Site)" -InternalUrl https://mail.domain.com/ews/exchange.asmx
Set-OABVirtualDirectory -Identity "CAS_Server_Name\oab (Default Web Site)" -InternalUrl https://mail.domain.com/oab
Set-UMVirtualDirectory -Identity "CAS_Server_Name\unifiedmessaging (Default Web Site)" -InternalUrl https://mail.domain.com/unifiedmessaging/service.asmx
After you run the commands, flush the DNS cache on the client PC and test.
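
To confirm the change took effect, the following check can be run in the Exchange Management Shell on the server. It is an added example, not part of the original post; it assumes PowerShell 2.0 or later, and $certName and $expectedIp are placeholders to replace with your own certificate name and mail server IP.

```powershell
# Added example: verify internal URLs, DNS and the certificate name after the fix.
$certName   = 'mail.domain.com'   # placeholder: name on the commercial certificate
$expectedIp = '192.168.100.10'    # placeholder: IP used in the Host (A) record

# 1. Every internal URL handed to Outlook should use the certificate name.
$urls = @()
$urls += Get-ClientAccessServer          | ForEach-Object { $_.AutodiscoverServiceInternalUri }
$urls += Get-WebServicesVirtualDirectory | ForEach-Object { $_.InternalUrl }
$urls += Get-OABVirtualDirectory         | ForEach-Object { $_.InternalUrl }
$urls += Get-UMVirtualDirectory          | ForEach-Object { $_.InternalUrl }
foreach ($u in $urls) {
    if (-not $u) { continue }                     # URL not set on this directory
    $hostPart = ([System.Uri]"$u").Host
    if ($hostPart -ieq $certName) { $state = 'OK      ' } else { $state = 'MISMATCH' }
    Write-Host "$state $u"
}

# 2. The certificate name must resolve to the mail server through the new zone.
try {
    $resolved = [System.Net.Dns]::GetHostAddresses($certName) |
        ForEach-Object { $_.IPAddressToString }
    if ($resolved -contains $expectedIp) {
        Write-Host "OK       $certName resolves to $expectedIp"
    } else {
        Write-Host "MISMATCH $certName resolves to $resolved"
    }
} catch {
    Write-Host "FAILED   cannot resolve ${certName}: $($_.Exception.Message)"
}

# 3. A TLS handshake using the certificate name must pass default validation.
#    AuthenticateAsClient throws on a name mismatch or an untrusted chain,
#    which is the same condition that produces the Outlook warning.
$tcp = New-Object System.Net.Sockets.TcpClient
try {
    $tcp.Connect($certName, 443)
    $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false)
    $ssl.AuthenticateAsClient($certName)
    Write-Host "OK       certificate accepted: $($ssl.RemoteCertificate.Subject)"
} catch {
    Write-Host "FAILED   $($_.Exception.Message)"
} finally {
    $tcp.Close()
}
```

Parts 2 and 3 use only .NET classes, so they can also be run on a client PC to check resolution and the certificate from the user's side.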