+ Post New Thread
Results 1 to 3 of 3
Windows Thread, Exchange 2007 & SSL hell! in Technical; Hi all, Trying to sort out an SSL mess with our Exchange 2007 box. When I first built exchange I ...
  1. #1
    jdibsdale's Avatar
    Join Date
    May 2008
    Location
    UK
    Posts
    84
    Thank Post
    1
    Thanked 3 Times in 3 Posts
    Rep Power
    13

    Exchange 2007 & SSL hell!

    Hi all,

    Trying to sort out an SSL mess with our Exchange 2007 box. When I first built exchange I created a self signed cert because we don't publish email externally. which worked great until it expired a year later. To cut a long story short I have now got a certificate from IPSCA.com , and we now have OWA working correctly on SSL. However, we are still having SSL issues....

    I'm not able to sync a HP ipaq with my computer via USB as it returns: The security certificate on the server is not valid. Contact your Exchange Server Administrator or ISP to install a valid certificate on the server. Support Code: 80072f0d

    Out of Office will not work in Outlook 2007 only in OWA.

    Autodiscover testing returns a remote certificate name mismatch.

    On Exchange Best Practise Analyzer, we have a few errors:

    1) Certificate has expired - The SSL certificate for https://domain.org
    2) Certificate principal mismatch - The principal SSL certificate for https://domain.org does not appear to match the host address.
    3) Certificate SAN mismatch - The subject alternative name (SAN) of SSL certificat for the IMAP4 service on server mailserver does not appear to match the host address. Host address: mailserver Current SAN: no alternative name.

    Our certificate is for domain.local because we don't need to authenticate with domain.org as we only ever authenticate internally. Do we need to get a different certificate?

    If anyone's got any suggestions they would be gratefully received!

    Thanks
    Jenny

  2. #2

    Join Date
    Oct 2009
    Posts
    2
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Your SSL Certificate needs to contain all the names that you will use to access the server. See How to use SSL Certificates with Exchange 2007 for more info

    If you only access it with the internal name, you should be able to disable autodiscover or change the autodiscover address to the local name and have it work. See Outlook 2007 Certificate Error? | Elan Shudnow's Blog or Security warning when you start Outlook 2007 and then connect to a mailbox that is hosted on a server that is running Exchange Server 2007 or Exchange Server 2010: "The name of the security certificate is invalid or does not match the name of for info on how to change the autodiscover name.

    Since it says the certificate is expired, you should also make sure that the correct certificate is being given out by the server. Use SSL Checker - SSL Certificate Verify to verify this.

  3. #3
    jdibsdale's Avatar
    Join Date
    May 2008
    Location
    UK
    Posts
    84
    Thank Post
    1
    Thanked 3 Times in 3 Posts
    Rep Power
    13
    Thanks for your post robertss, we've now got it all sorted. We did have to redo our self certified SAN certificate with the help of SSL Certificates DigiCert Digital SSL Certificate Authority and added all the necessary names to it. This didn't solve all of our problems though, we had to rebuild our offline address book, autodiscover and change the out of office URL.. but all working now!

    After installing the new certificate onto the Ipaq's they are now synchronising too, what a successful day!

SHARE:
+ Post New Thread

Similar Threads

  1. Backup Exec 12.5 & Exchange 2007
    By Edu-IT in forum Windows Server 2000/2003
    Replies: 10
    Last Post: 7th September 2009, 09:10 AM
  2. Exchange 2007 Server Wildcard SSL CERT
    By wesleyw in forum Windows
    Replies: 0
    Last Post: 14th August 2009, 12:21 PM
  3. SSL Certificates for Exchange 2007
    By jdibsdale in forum Windows
    Replies: 14
    Last Post: 29th May 2009, 06:40 PM
  4. BackupExec & Exchange 2007.
    By boomam in forum Windows
    Replies: 3
    Last Post: 11th May 2009, 12:52 PM
  5. Exchange 2007 SSL - internal problem
    By burgemaster in forum Windows
    Replies: 3
    Last Post: 8th May 2008, 09:57 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •