I just finished moving mailboxes last night to a second Exchange 2007 server I built (moving from physical to virtual). Clients are pointed to the new server. Getting ready to remove the old server from my domain.

We have an SSL certificate for OWA that I purchased and have used on the old server (on the default website in IIS) that is used to secure traffic on OWA and for our mobile devices. I imported that certificate into the new server's Default Web Site hoping to secure OWA and mobile devices again. It's working great for OWA and mobile devices, but ever since I did, my Outlook clients get an error popup occasionally.

I know it's because the certificate is for our external address (mail.domain.com, we use this for OWA and mobile device connection) and the FQDN of the server is different (exchange2007.domain.com). I think this is caused because the new exchange2007 server is using the certificate I purchased and imported into IIS, instead of using the self-signed certificate that has the same FQDN. I'm just not sure how to tell Exchange (not OWA or Default Web Site in IIS) to use the self-signed cert. I never had this issue with the old server.

So how can I tell Exchange to use the self-signed certificate for Outlook clients connected directly?

ItsPronounced

1 Answer

You shouldn't be using self-signed certificates at all.

You haven't configured your new server with the correct names and/or got the DNS configured correctly. If you have moved all of your users across, then change the names in Exchange and in DNS to point to the new server. Then plan to remove the old server.

See my web site here: http://semb.ee/hostnames2007

Sembee
  • So no self-signed certs even for internal use clients that are directly connected to the Exchange server? I've never bought an SSL for a physical server in the past (other than for OWA). – ItsPronounced Dec 01 '17 at 17:00
  • Thanks for the info, I ended up purchasing a cheap certificate that matched the FQDN of the physical server and using it. I haven't seen the error yet. – ItsPronounced Dec 01 '17 at 18:15
  • The self-signed certificate should be considered a placeholder for a real certificate - used for getting Exchange running. The real name of the server is rarely used - it makes migrating very difficult as you have to adjust clients manually or potentially end up with a clash of names. This is particularly the case with later versions of Exchange which are all web services based. – Sembee Dec 04 '17 at 13:54
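
The answer's advice to change the names in Exchange, sketched as an added Exchange Management Shell example (not part of the original answer or its comments): it points the internal URLs that Exchange 2007 hands to Outlook at the name on the purchased certificate. It assumes the server name EXCHANGE2007 and the certificate name mail.domain.com from the question, and that internal DNS resolves mail.domain.com to the new server.

```powershell
# Added example; run in the Exchange Management Shell on the new server.
# Assumed values, taken from the question:
$Server   = 'EXCHANGE2007'      # NetBIOS name of the new server
$CertName = 'mail.domain.com'   # name on the purchased certificate

# 1. Which certificate is enabled for which service, and which names it covers.
Get-ExchangeCertificate |
    Format-List Thumbprint, Subject, CertificateDomains, Services, NotAfter

# 2. Stop if the certificate bound to IIS does not cover the name we are
#    about to publish; otherwise the warning would only change its wording.
$iisCert = Get-ExchangeCertificate | Where-Object { $_.Services -match 'IIS' }
$covered = $iisCert.CertificateDomains |
    Where-Object { $_.ToString() -eq $CertName }
if (-not $covered) {
    throw "The IIS certificate does not list $CertName; fix the certificate first."
}

# 3. URLs currently handed to Outlook (these normally contain the server FQDN,
#    which is what the certificate warning complains about).
Get-ClientAccessServer -Identity $Server |
    Format-List Name, AutoDiscoverServiceInternalUri
Get-WebServicesVirtualDirectory -Server $Server | Format-List Identity, InternalUrl
Get-OabVirtualDirectory -Server $Server | Format-List Identity, InternalUrl

# 4. Publish the certificate name instead of the server name.
Set-ClientAccessServer -Identity $Server `
    -AutodiscoverServiceInternalUri "https://$CertName/autodiscover/autodiscover.xml"
Set-WebServicesVirtualDirectory -Identity "$Server\EWS (Default Web Site)" `
    -InternalUrl "https://$CertName/ews/exchange.asmx"
Set-OabVirtualDirectory -Identity "$Server\OAB (Default Web Site)" `
    -InternalUrl "https://$CertName/oab"
Set-UMVirtualDirectory -Identity "$Server\UnifiedMessaging (Default Web Site)" `
    -InternalUrl "https://$CertName/unifiedmessaging/service.asmx"

# 5. Afterwards, recycle the MSExchangeAutodiscoverAppPool application pool in
#    IIS Manager and restart Outlook so it picks up the new URLs.
```

Running step 3 again after the change confirms that every internal URL now carries the certificate name rather than exchange2007.domain.com.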