Exchange 2007/Outlook 2007 SSL Certificate Question

madmatt

Bow Down to the King
Political User
Joined
Apr 5, 2002
Messages
13,312
#1
I set up Exchange 2007 on my server. The domain is usmsol.local. I created a certificate through CA Cert (thanks Geffy) in the name mail.usmsol.net since that is how I will be accessing OWA.

However, when I open Outlook 2007 I get a certificate error since the name of the server (usm-fusion.usmsol.local) doesn't match the name on the certificate (mail.usmsol.net).

How do I resolve this or prevent Outlook from displaying this message? I've already installed both the root certificate and the server certificate.

Furthermore, you cannot add .LOCAL domains to the certificates on CA Cert. If I go through VeriSign will I be able to add both usm-fusion.usmsol.local and mail.usmsol.net?

Any help/input is appreciated. Thank you.
 

NetRyder

Tech Junkie
Joined
Apr 19, 2002
Messages
13,256
#2
Your current setup should still work.

What address did you enter in the "Microsoft Exchange Server" field in Outlook 2007's account setup?
Also, what do you have in these two highlighted fields in the Exchange Proxy Settings dialog?

 
Joined
Feb 2, 2004
Messages
7,027
#3
What specs are you running Exchange 2007 on?

I tried it on a 2GB RAM Athlon 64 / Windows 2003 Standard x64 and it kept crashing the server.
 

madmatt

Bow Down to the King
Political User
Joined
Apr 5, 2002
Messages
13,312
#4
LordOfLA -
Dell PowerEdge SC1430 - 1.6GHz Xeon 5110, 2GB, 2x500GB
Windows Server 2003 R2 Enterprise x64

NR -
It works; however, I get a certificate error when I first open Outlook (I see the same message twice before it allows me to continue). This is annoying and I don't want to see it. See attachment.

The FQDN of my Exchange server: usm-fusion.usmsol.local

I don't have Outlook Anywhere configured yet.
 

Geffy

OSNN Veteran Addict
Joined
Mar 18, 2002
Messages
7,805
#5
> LordOfLA -
> Dell PowerEdge SC1430 - 1.6GHz Xeon 5110, 2GB, 2x500GB
> Windows Server 2003 R2 Enterprise x64
>
> NR -
> It works, however, I get a certificate error when I first open Outlook (I see the same message twice before it allows me to continue). This is annoying and I don't want to see it. See attachment.
>
> The FQDN of my Exchange server: usm-fusion.usmsol.local
>
> I don't have Outlook Anywhere configured yet.

You need to have the FQDN of the Exchange server, or what the Exchange server believes it's called, match up with the SSL certificate. So you probably need to change that to mail.usmsol.net.
 

madmatt

Bow Down to the King
Political User
Joined
Apr 5, 2002
Messages
13,312
#7
I am happy to report that the issue has been resolved and I now have a fully functional Domain Controller and Exchange Server all in one.

I reformatted the box and did things slightly differently after doing my research.

The first thing I did was use a .NET address for my domain instead of the .LOCAL so I could add the names to the certificate without having issues.

Here's the command I used (with my values removed).

Code:
New-ExchangeCertificate -GenerateRequest -domainname mail.address.net,autodiscover.address.net,server.local.address.net,local.address.net -FriendlyName mail.address.net -privatekeyexportable:$true -path c:\cert.txt
After submitting this request to a publisher I imported the certificate (cert.cer).

Code:
Import-ExchangeCertificate -path c:\cert.cer
Nothing difficult yet. After retrieving the thumbprint (for use in the next step) it gets a little tricky due to poorly written Microsoft documentation (I'll get to why in just a bit).

Next we will enable the certificate for SMTP, IIS, and whatever other services you are going to offer (i.e. IMAP, POP).

Code:
enable-ExchangeCertificate -thumbprint THUMBPRINT_HERE -services "SMTP,IIS,IMAP,POP"
Here's the thing. Last I knew, Exchange's specialty was SMTP. Microsoft's documentation doesn't mention having to enable the certificate for SMTP for your Exchange 2007 server to function correctly (hence the reason I was seeing errors in the Event Viewer and when I opened Outlook 2007).

How things change with new versions... Anyway, I hope this post will help someone else in the future.
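
A way to verify the result of the three steps in the post above, added here as an example and not part of the original post: it checks every installed certificate for the host names clients connect to and for the services it is enabled for. The host names are the post's placeholders, and `Test-NameCovered`, `$required` and `$services` are hypothetical names introduced for this example; run it in the Exchange Management Shell.

```powershell
# Added example (not from the original post). Run in the Exchange Management Shell.
# Host names clients connect to; placeholder values taken from the post above.
$required = 'mail.address.net', 'autodiscover.address.net',
            'server.local.address.net', 'local.address.net'
# Services the certificate must be enabled for (SMTP is the one the post found missing).
$services = 'SMTP', 'IIS'

# Hypothetical helper: true if $HostName matches one of the certificate's names.
function Test-NameCovered([string]$HostName, [string[]]$CertNames) {
    foreach ($name in $CertNames) {
        if ($name -eq $HostName) { return $true }      # -eq ignores case
        if ($name.StartsWith('*.')) {
            # A wildcard stands for exactly one left-most label.
            $dot = $HostName.IndexOf('.')
            if ($dot -gt 0 -and $HostName.Substring($dot) -eq $name.Substring(1)) {
                return $true
            }
        }
    }
    return $false
}

foreach ($cert in (Get-ExchangeCertificate)) {
    # Names on the certificate and the services it is currently bound to.
    $names   = @($cert.CertificateDomains | ForEach-Object { $_.ToString() })
    $enabled = $cert.Services.ToString()

    $missingNames    = @($required | Where-Object { -not (Test-NameCovered $_ $names) })
    $missingServices = @($services | Where-Object { $enabled -notmatch $_ })

    "{0}  expires {1:yyyy-MM-dd}  self-signed: {2}" -f `
        $cert.Thumbprint, $cert.NotAfter, $cert.IsSelfSigned
    "  names:    " + [string]::Join(', ', $names)
    "  services: $enabled"

    if ($missingNames.Count -gt 0) {
        "  MISSING names (clients using these will see a mismatch warning): " +
            [string]::Join(', ', $missingNames)
    }
    if ($missingServices.Count -gt 0) {
        "  NOT enabled for: " + [string]::Join(', ', $missingServices)
    }
    if ($missingNames.Count -eq 0 -and $missingServices.Count -eq 0) {
        "  OK: covers every required name and service"
    }
}
```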
 

peterzog

OSNN One Post Wonder
Joined
Feb 6, 2007
Messages
1
#8
I am having the same problem. Before I make name changes to my server can you clarify how you have it set up?

Your domain is: address.net

Your Exchange server true name is: mail.address.net

You have DNS for external requests of mail.address.net, autodiscover.address.net, server.address.net and so on... pointing to the IP of mail.address.net right?

Does IE7 have any problem with a self-assigned certificate when using the Outlook web client?
 

mdaitc

OSNN One Post Wonder
Joined
Feb 14, 2007
Messages
1
#9
hey madmatt,

you said:

after submitting this request to a publisher I imported the certificate (cert.cer).

Which "publisher" did you use?

Thanks!
 

madmatt

Bow Down to the King
Political User
Joined
Apr 5, 2002
Messages
13,312
#10
mdaitc,

http://www.cacert.org

You have to import the root cert on the server and any client (including the WM device) for it to work perfectly.

peterzog,

I have mail.address.net and autodiscover.address.net pointing to the external IP address for my network.

server.local.address.net and local.address.net do not reverse on the outside. However, that is okay because they aren't accessible from the outside.
 
