0

I have an SBS 2011 server running Exchange 2010 on which the self signed certificate recently expired. I have taken steps to re-issue the certificate but both still cause Outlook to throw a security alert when started up.

The first step was to follow this blog: http://blog.the-it-blog.co.uk/2013/01/25/re-issuing-a-self-signed-certificate-for-exchange-sbs/ . This fixed the date issue but Outlook then shows a cross next to:

The security certificate is from a trusted certifying authority

The next step was to run the Fix My Network wizard which fixed the issue above but now shows a cross next to:

The name on the security certificate is invalid or does not match the name of the site

I found a post mentioning that I should run the Internet Address Management wizard but I thought it may effect the existing Exchange settings. I have read plenty of similar blogs on the issue but cannot seem to find a solution.

Thanks in advance

Karl
  • 131
  • 1
  • 5

2 Answers2

1

Get a SAN cert, they are cheap and the recommended way to go when securing Exchange 2007+

Here is some info on it: https://www.digicert.com/subject-alternative-name.htm

DanBig
  • 11,423
  • 1
  • 29
  • 53
  • Thanks for the comment, I priced up a certificate from our domain provider (123-reg.co.uk) which comes out at £150 for Three years which seem pretty reasonable. So once i have purchased it, is it just a case of installing it on the server? I assume it will also solve the warnings when users access OWA through their browser? – Karl Sep 17 '14 at 17:02
0

If a SAN certificate is too expensive, please read over the following technet blog article, it describes the commands you need to run to change the Internal URIs in Exchange to match the name on the SSL certificate.

The name on the security certificate is invalid....

Martin88
  • 171
  • 1
  • 2
  • Hi, thanks for the answer. I have just ran through all the points on this blog and still no change. It seems the 'Issued to:' field on the certificate is the issue. It just lists 'Sites' as the 'Issued to' when I believe it should be something along the lines of mail.company.com? – Karl Sep 18 '14 at 10:29