Monday, 20 Nov 2017 | tralala:)
 

Exchange 2010: wildcard certificate support - Outlook: the name on the security certificate is invalid

Even though Exchange 2010 supports wildcard certificates, you should always remember how a wildcard certificate works; otherwise you may run into the following issue:

1. You switch from a certificate with SAN names to a wildcard certificate (*.example.com) via the following commands:

 
    # Generate a request, import the cert…

    # If you simplified the Outlook Web App URL
    Enable-ExchangeCertificate -Server 'ExchangeserverName' -Services 'IMAP, POP, IIS, SMTP' -Thumbprint 'XXXX' -DoNotRequireSsl

    # To avoid the error message "The name on the security certificate is invalid or does not match the name of the site"
    # you need to change the proxy URL. More info:
    #   http://blogs.technet.com/b/umutg/archive/2011/01/31/all-about-set-outlookprovider.aspx
    #   http://blogs.technet.com/b/exchange/archive/2008/09/29/3406352.aspx
    Set-OutlookProvider EXPR -CertPrincipalName msstd:*.example.com

    # Set POP and IMAP to the new certificate
    Set-PopSettings -X509CertificateName certname
    Set-ImapSettings -X509CertificateName certname

2. You realize that everything is working, but the error message "The name on the security certificate is invalid or does not match the name of the site" appears in Outlook again.

a. The settings seem to be OK, as Outlook has all the proxy settings applied.

3. If you look at the error message closely (I have borrowed a picture here: http://www.chicagotech.net/images/ex2010-6.gif) you can see the site name at the top. Let's say it is autodiscover.internal.example.com. Try opening that name in the browser (HTTPS).

4. Your browser shows a similar message: the name on the certificate does not match the requested site name.

5. This is the moment you realize wildcard certificates cover one subdomain level only! In other words, whatever.example.com is OK but another.whatever.example.com is NOT.

6. Depending on your Exchange infrastructure, you may want to change the names or buy a certificate with SAN names :)
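
The one-label rule from step 5, as an added example that is not part of the original post: a PowerShell function (Test-CertNameMatch is a hypothetical name) that reports which host names a certificate name such as *.example.com covers. The host names in the list are constructed samples.

```powershell
# Added example: compares a host name with a certificate name label by label.
# "*" is accepted only as the complete leftmost label and stands for exactly
# one DNS label, which is the rule described in step 5.
function Test-CertNameMatch {
    param(
        [Parameter(Mandatory=$true)] [string] $HostName,
        [Parameter(Mandatory=$true)] [string] $CertName
    )
    $hostLabels = $HostName.TrimEnd('.').Split('.')
    $certLabels = $CertName.TrimEnd('.').Split('.')

    # A wildcard never spans a dot, so both names need the same label count.
    if ($hostLabels.Length -ne $certLabels.Length) { return $false }

    for ($i = 0; $i -lt $certLabels.Length; $i++) {
        # An empty host label (for example ".example.com") is never valid.
        if ($hostLabels[$i] -eq '') { return $false }
        # The wildcard replaces the leftmost label only.
        if ($i -eq 0 -and $certLabels[0] -eq '*') { continue }
        # -ne compares strings case-insensitively, as DNS names require.
        if ($hostLabels[$i] -ne $certLabels[$i]) { return $false }
    }
    return $true
}

# Constructed sample names; replace them with the names your clients really
# connect to (Autodiscover, OWA, EWS, OAB, POP/IMAP, SMTP).
$names = 'mail.example.com',
         'autodiscover.example.com',
         'autodiscover.internal.example.com',
         'example.com'

$names | Select-Object @{ Name = 'HostName'; Expression = { $_ } },
                       @{ Name = 'Covered'
                          Expression = { Test-CertNameMatch -HostName $_ -CertName '*.example.com' } }
```

Any name reported as not covered has to be renamed or placed on a certificate with SAN names, as step 6 says.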

 

 
