Windows Thread, Exchange 2007 & SSL hell! in Technical; Hi all,
Trying to sort out an SSL mess with our Exchange 2007 box. When I first built exchange I ...
28th October 2009, 12:08 PM #1
Exchange 2007 & SSL hell!
Trying to sort out an SSL mess with our Exchange 2007 box. When I first built exchange I created a self signed cert because we don't publish email externally. which worked great until it expired a year later. To cut a long story short I have now got a certificate from IPSCA.com , and we now have OWA working correctly on SSL. However, we are still having SSL issues....
I'm not able to sync a HP ipaq with my computer via USB as it returns: The security certificate on the server is not valid. Contact your Exchange Server Administrator or ISP to install a valid certificate on the server. Support Code: 80072f0d
Out of Office will not work in Outlook 2007 only in OWA.
Autodiscover testing returns a remote certificate name mismatch.
On Exchange Best Practise Analyzer, we have a few errors:
1) Certificate has expired - The SSL certificate for https://domain.org
2) Certificate principal mismatch - The principal SSL certificate for https://domain.org does not appear to match the host address.
3) Certificate SAN mismatch - The subject alternative name (SAN) of SSL certificat for the IMAP4 service on server mailserver does not appear to match the host address. Host address: mailserver Current SAN: no alternative name.
Our certificate is for domain.local because we don't need to authenticate with domain.org as we only ever authenticate internally. Do we need to get a different certificate?
If anyone's got any suggestions they would be gratefully received!
IDG Tech News
28th October 2009, 02:43 PM #2
- Rep Power
Your SSL Certificate needs to contain all the names that you will use to access the server. See How to use SSL Certificates with Exchange 2007 for more info
If you only access it with the internal name, you should be able to disable autodiscover or change the autodiscover address to the local name and have it work. See Outlook 2007 Certificate Error? | Elan Shudnow's Blog or Security warning when you start Outlook 2007 and then connect to a mailbox that is hosted on a server that is running Exchange Server 2007 or Exchange Server 2010: "The name of the security certificate is invalid or does not match the name of for info on how to change the autodiscover name.
Since it says the certificate is expired, you should also make sure that the correct certificate is being given out by the server. Use SSL Checker - SSL Certificate Verify to verify this.
29th October 2009, 02:07 PM #3
Thanks for your post robertss, we've now got it all sorted. We did have to redo our self certified SAN certificate with the help of SSL Certificates DigiCert Digital SSL Certificate Authority and added all the necessary names to it. This didn't solve all of our problems though, we had to rebuild our offline address book, autodiscover and change the out of office URL.. but all working now!
After installing the new certificate onto the Ipaq's they are now synchronising too, what a successful day!
By Edu-IT in forum Windows Server 2000/2003
Last Post: 7th September 2009, 10:10 AM
By wesleyw in forum Windows
Last Post: 14th August 2009, 01:21 PM
By jdibsdale in forum Windows
Last Post: 29th May 2009, 07:40 PM
By boomam in forum Windows
Last Post: 11th May 2009, 01:52 PM
By burgemaster in forum Windows
Last Post: 8th May 2008, 10:57 AM
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)