Exchnage 2007 self assgned SSL Certificate Renewal
Hi Guys,
I have Exchange 2007 with sp1 in CCR, running on vmware environment. The server is configured with self assigned SSL certificate.
The certificate is due for renewal and i'm aware of the procedure, how to renew the certificate. But the issue i'm having is that, we have a proxy server in front of the Exchnage server. When i renewed the certificate, now the date is validated
and extended for 12months. But the error message for outlook user are now changed to: " The name on the security certificate is invalid or does not match the name of the site"??
Any suggestions would be appreciated. Thanks!!
February 22nd, 2011 11:02pm
The URL on the certificate certificate must match exactly the URL that your users use to access OWA from the internet. Did you issue the certificate for your internal mailbox server and then export a copy to your proxy server. If so the certificate
may be for the the fully qualified internal name of your exchange server whhich is not necessarilly the name that it is published under on the internet. If this is the case you will need to issue a certificate for the URL that OWA is accesed from externally
and apply it to your proxy server.
John
Free Windows Admin Tool Kit Click here and download it now
February 23rd, 2011 4:29am
If you renewed the old SelfSigned certificate it should include the exact same names as the old certificate and if the old certificate wasn't causing any warnings neighter should the new one.
Have you renewed the certificate in a similar fashion to this -
http://exchangepedia.com/2008/01/exchange-server-2007-renewing-the-self-signed-certificate.html ?Jesper Bernle | Blog: http://xchangeserver.wordpress.com
February 23rd, 2011 4:52am
Hi Guys,
Thanks for your help. I did follow exactly same steps as mentioned by jesper's url but for some reason it's still generating the same error message.
What i'm not sure is if there is any steps i need to perform on DC, e.g. to create or import certificate initially on to DC and then export to exchnage environmenton? once it's done then enable the certificate for IIS, POP, and so.
Regards,
Fzikria
Free Windows Admin Tool Kit Click here and download it now
February 23rd, 2011 8:31pm
Hi Fazikra,
Can you check the event viewer on the Exchange Server if these errors are there or not:
Source: MSExchangeTransport Category:TransportService EventID: 12014
EventID: 12023 Microsoft Exchange could not load the certificate with thumbprint
Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
February 24th, 2011 2:10am
SelfSigned certificates are created locally on Exchange itself generated through IIS7 (Create a Self-Signed Server Certificate in IIS 7) so there is no need
to look at DC at this time.
The warning you receive is due to the fact that one or more of your URLs isn't listed in the certificate as an Subject Alternate Name (SAN). When you have Outlook opened, hold down the CTRL key and right click on the Outlook icon to the right, next
to the clock in the taskbar, and choose "Test E-mail AutoConfiguration". Uncheck Guess Smart and only run with Auto Discover.
My guess is that the URL for the Offline Address Book OAB, isn't listed in your certificate.Jesper Bernle | Blog: http://xchangeserver.wordpress.com
Free Windows Admin Tool Kit Click here and download it now
February 24th, 2011 3:14am
Hi Fzikria,
Any updates?
Please check whether the error occurs if opening Outlook in LAN.
"Did you issue the certificate for your internal mailbox server and then export a copy to your proxy server."
Please also run the Exbpa.Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
February 25th, 2011 1:02am
Hi Fzikria,
Any updates?Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
Free Windows Admin Tool Kit Click here and download it now
February 27th, 2011 9:02pm