Digicert third party SSL Certificate shows Invalid

Dear Team,

My CAS + MB mail servers name FQDN are :

1) mail1.xyz.com 2) mail2.xyz.com

Im using Split brain DNS scenario to resolve server names using mail.xyz.gov.in and changed all virtual directories Internal and external URLs to mail.xyz.gov.in.

In SSL, I added the following SANs and brought it from Digicert and private key has added in the certificate.

mail.xyz.gov.in, autodiscover.xyz.gov.in. imap.xyz.gov.in, pop.xyz.gov.in, edge.xyz.gov.in and sent DSR to Digicert.

After completing the request with generated certificate , Im getting error certificate status Invalid.

Q :

Is that SSL error is because of , domain name mismatch in SSL SAN and actual FQDN of the server ?
Is it required to add single SAN with mail.xyz.com as a common name ?

T & R,

Kamlesh

March 20th, 2015 2:32am

Helo Kamalesh,

To correct the problem you must install the root certificate for the certificate authority in the 'Trusted Root Certification Authorities' container of your certificate store console. Cross check if it is already there

Free Windows Admin Tool Kit Click here and download it now
March 20th, 2015 2:53am

Hi Kamlesh,

I believe while you were generating the CSR you should have also added the internal host name i.e 1) mail1.xyz.com 2) mail2.xyz.com.

March 20th, 2015 3:00am

   
Dear All,
 
Issue has been resolved after importing intermediate certificate.cer on every CA+MB server in DAG.
 
Thanks you all for your support.
 
T & R,
 

Free Windows Admin Tool Kit Click here and download it now
March 21st, 2015 3:20am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics