SSL Certificate Mismatch error in Exchange Best Practice Analyzer
We are in the process of migrating from Exchange 2007 to Exchange 2010. We created a SAN certificate with the principle name called
contoso.test.com, but the AutodiscoverServiceInternalUri is set to the
https://dc.contoso.test.com. ExBPA is giving me a error " The subject alternative name (SAN) of SSL certificate for
https://dc.contoso.test.com/autodiscover/autodiscover.xml does not match the host address. Host address: dc.contoso.test.com. Currect SAN: DNS=contoso.test.com.
The SAN does contain the name dc.contoso.test.com .. Thoughts?
June 19th, 2012 3:43pm
I can only guess this is a bug. I have never deployed a certificate with this naming convention, using a mixture of sub.domain.com and sub.sub.domain.com. It is probably confusing things by having both types of names involved.
Simon. Simon Butler, Exchange MVP
Blog |
Exchange Resources | In the UK?
Hire Me.
Free Windows Admin Tool Kit Click here and download it now
June 20th, 2012 5:49pm
As Simon said it may be a bug. However just to validate your certificate is good you can check the following:
http://www.digicert.com/help/ (even if it's not a digicert certificate you can use this to test the chain and everything)
https://www.digicert.com/util/ - small utility that can also be useful
https://www.testexchangeconnectivity.com/ - test external access which will validate the cert as well.
Chris Morgan
June 22nd, 2012 3:12pm