Exchange 2007/Outlook 2007 SSL Certificate Question

madmatt

Awesome is as awesome does.
Political Access
Joined
5 Apr 2002
Messages
13,314
I setup Exchange 2007 on my server. The domain is usmsol.local. I created a certificate through CA Cert (thanks Geffy) in the name mail.usmsol.net since that is how I will be accessing OWA.

However, when I open Outlook 2007 I get a certificate error since the name of the server (usm-fusion.usmsol.local) doesn't match the name on the certificate (mail.usmsol.net).

How do I resolve this or prevent Outlook from displaying this message? I've already installed both the root certificate and the server certificate.

Furthermore, you cannot add .LOCAL domains to the certiificates on CA Cert. If I go through VeriSign will I be able to add both usm-fusion.usmsol.local and mail.usmsol.net?

Any help/input is appreciated. Thank you.
 

NetRyder

Tech Junkie
Joined
19 Apr 2002
Messages
13,256
Your current setup should still work.

What address did you enter in the "Microsoft Exchange Server" field in Outlook 2007's account setup?
Also, what do you have in these two highlighted fields in the Exchange Proxy Settings dialog?

ol2007ht2.jpg
 

LordOfLA

Godlike!
Joined
2 Feb 2004
Messages
7,026
what specs are you running exchange 2007 on?

I tried it on a 2GB ram athlon 64 /windows 2003 standard x64 and it kept crashing the server.
 

madmatt

Awesome is as awesome does.
Political Access
Joined
5 Apr 2002
Messages
13,314
LordOfLA -
Dell PowerEdge SC1430 - 1.6GHz Xeon 5110, 2GB, 2x500GB
Windows Server 2003 R2 Enterprise x64

NR -
It works, however, I get a certificate error when I first open Outlook (I see the same message twice before it allows me to continue). This is annoying and I don't want to see it. See attachment.

The FQDN of my Exchange server: usm-fusion.usmsol.local

I don't have Outlook Anywhere configured yet.
 
Last edited:

Geffy

OSNN Veteran Addict
Joined
18 Mar 2002
Messages
7,805
LordOfLA -
Dell PowerEdge SC1430 - 1.6GHz Xeon 5110, 2GB, 2x500GB
Windows Server 2003 R2 Enterprise x64

NR -
It works, however, I get a certificate error when I first open Outlook (I see the same message twice before it allows me to continue). This is annoying and I don't want to see it. See attachment.

The FQDN of my Exchange server: usm-fusion.usmsol.local

I don't have Outlook Anywhere configured yet.

You need to have the FQDN of the Exchange server, or what the exchange server believes its called to match up with the SSL certificate. So you probably need to change that to mail.usmol.net.
 

fitz

Woah.. I'm still here?
Political Access
Joined
26 Apr 2004
Messages
4,085
two words for you:

Split DNS
 

madmatt

Awesome is as awesome does.
Political Access
Joined
5 Apr 2002
Messages
13,314
I am happy to report that the issue has been resolved and I now have a fully functional Domain Controller and Exchange Server all in one.

I reformatted the box and did things slightly different after doing my research.

The first thing I did was use a .NET address for my domain instead of the .LOCAL so I could add the names to the certificate without having issues.

Here's the command I used (with my values removed).

Code:
New-ExchangeCertificate -GenerateRequest -domainname mail.address.net,autodiscover.address.net,server.local.address.net,loca.address.net -FriendlyName mail.address.net -privatekeyexportable:$true -path c:\cert.txt

After submitting this request to a publisher I imported the certificate (cert.cer).

Code:
Import-ExchangeCertificate -path c:\cert.cer

Nothing difficult yet. After retrieving the thumbprint (for use in the next step) it gets a little tricky due to poorly written Microsoft documentation (I'll get to why in just a bit).

Next we will enable to certificate for SMTP, IIS, and whatever other services you are going to offer (i.e. IMAP, POP).

Code:
enable-ExchangeCertificate -thumbprint THUMBPRINT_HERE -services "SMTP,IIS,IMAP,POP"

Here's the thing. Last I knew, Exchange's specialty was SMTP. Microsoft's documentation doesn't mention having to enable the certificate for SMTP for your Exchange 2007 server to function correctly (hence the reason I was seeing errors in the Event Viewer and when I opened Outlook 2007).

How things change with new versions... Anyway, I hope this post will help someone else in the future.
 

peterzog

OSNN One Post Wonder
Joined
6 Feb 2007
Messages
1
I am having the same problem. Before I make name changes to my server can you clarify how you have it setup.

Your domain is: address.net

Your Exchange server true name is: mail.address.net

You have DNS for external requests of mail.address.net, autodiscover.address.net, server.address.net and so on... pointing to the IP of mail.address.net right?

Does IE7 have any problem with a self-assigned certificate when using the Outlook web client?
 

mdaitc

OSNN One Post Wonder
Joined
14 Feb 2007
Messages
1
hey madmatt,

you said:

after submitting this request to a publisher I imported the certificate (cert.cer).

Which "publisher" did you use?

Thanks!
 

madmatt

Awesome is as awesome does.
Political Access
Joined
5 Apr 2002
Messages
13,314
mdaitc,

http://www.cacert.org

You have to import the root cert on the server and any client (including the WM device) for it to work perfectly.

peterzog,

I have mail.address.net and autodiscover.address.net pointing to the external IP address for my network.

server.local.address.net and local.address.net do not reverse on the outside. However, that is okay because they aren't accessible from the outside.
 

Members online

No members online now.

Latest profile posts

Xie wrote on Electronic Punk's profile.
Impressed you have kept this alive this long EP! So many sites have come and gone. :(

Just did some crude math and I apparently joined almost 18yrs ago, how is that possible???
hello peeps... is been some time since i last came here.
Electronic Punk wrote on Sazar's profile.
Rest in peace my friend, been trying to find you and finally did in the worst way imaginable.
Terrahertz wrote on Electronic Punk's profile.
Yo fellas!
Electronic Punk wrote on Sazar's profile.
Where are you buddy?

Forum statistics

Threads
62,004
Messages
673,460
Members
5,599
Latest member
Larry Chris