Internal / External SSL Name Conflicts
I've seen this asked many times, and never a great answer given on the subject.

The internal name of our network is sample.local, with the new Server 2008 running Exchange 2007 as server.sample.local (not their real names of course..). Our certificate that's installed on the Default Web Server is running as mail.sample.com. OWA connects fine, does not complain. However, using Outlook Anywhere, Outlook complains that the certificate names do not match, as it's presenting server.sample.local to the client as the name instead of the external name.

We are not running ISA, or an Edge Transport for that matter. It's a simple, single server setup. Without creating an internal DNS structure that breaks DNS by pointing sample.com to internal names, is there any way to fix this problem? I've seen this question asked a million times.

We are not using Autodiscovery either. To sum it up:

- Internal Name: server.sample.local
- External Name: mail.sample.com
- SSL Cert: mail.sample.com
- OWA: Works, no cert errors.
- IMAP: Works, no cert errors.
- Outlook Anywhere: cert name mismatch, looking for server.sample.local, will still work, just complains
- Windows Mobile: cert name mismatch, will not work

Any way to get Outlook Anywhere and internal clients both happy with the SSL?
June 2nd, 2008 10:39pm

There are new certificate requirements when working with Exchange 2007. Basically you need a special cert that has two names bound to it. This is a cert with what is called Subject Alternative Names. You'll add both your inside and outside names to the one cert and everything will work. Here are some links that should help.

http://msexchangeteam.com/archive/2007/02/19/435472.aspx
http://www.entrust.net/ssl-certificates/unified-communications.htm
http://msexchangeteam.com/archive/2007/04/30/438249.aspx

All of my certs are from Verisign and they do not have a cert that works properly for 2007. Because of this, I actually ended up having two servers running the CAS role: one for OWA with the outside cert and one with the inside cert for Outlook 2007. There were other reasons for me to have two CAS servers, so don't think this is the proper workaround. In fact it is not recommended by MS.

--Patrick
June 3rd, 2008 8:33pm

Hi,

Actually, this is because the name on the certificate doesn't match the URL that the Outlook Anywhere client is trying to communicate with, such as:

- The Service Connection Point object for the Autodiscover service
- The InternalUrl attribute of Exchange 2007 Web Service (EWS)
- The InternalUrl attribute of the Offline Address Book Web service
- The InternalUrl attribute of the Exchange unified messaging (UM) Web service

I recommend you read the following article about the relationship between Autodiscover and certificates:

White Paper: Exchange 2007 Autodiscover Service
http://technet.microsoft.com/en-us/library/bb332063.aspx

You can view another instruction about this issue to help you understand it:
http://support.microsoft.com/kb/940726

Thanks
Allen
June 4th, 2008 6:42am
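
Added example, not part of the original thread: a small Python check that compares the names on a certificate with the hosts in the service URLs listed in the reply above, showing why a single-name cert passes for OWA but fails for the internal URLs, and why a Subject Alternative Name cert covers both. The URL paths and the endpoint labels are constructed sample values built from the thread's placeholder names.

```python
from urllib.parse import urlsplit

def name_matches(pattern, host):
    """Case-insensitive match; '*' is honoured only as the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False                      # a wildcard never spans several labels
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]   # reject over-broad '*.com'
    return p == h

def audit(cert_names, endpoints):
    """Map each endpoint label to (host, True if some cert name covers it)."""
    report = {}
    for label, url in endpoints.items():
        host = urlsplit(url).hostname
        report[label] = (host, any(name_matches(n, host) for n in cert_names))
    return report

def mismatches(cert_names, endpoints):
    """Labels of endpoints a client would flag with a name-mismatch warning."""
    return sorted(l for l, (_, ok) in audit(cert_names, endpoints).items() if not ok)

# Constructed sample data (placeholder names from the thread, assumed paths).
SINGLE_NAME_CERT = ["mail.sample.com"]
SAN_CERT = ["mail.sample.com", "server.sample.local"]
ENDPOINTS = {
    "OWA (external)": "https://mail.sample.com/owa",
    "Autodiscover SCP": "https://server.sample.local/Autodiscover/Autodiscover.xml",
    "EWS InternalUrl": "https://server.sample.local/EWS/Exchange.asmx",
    "OAB InternalUrl": "https://server.sample.local/OAB",
    "UM InternalUrl": "https://server.sample.local/UnifiedMessaging/Service.asmx",
}

if __name__ == "__main__":
    for title, names in (("single-name cert", SINGLE_NAME_CERT), ("SAN cert", SAN_CERT)):
        print(title)
        for label, (host, ok) in audit(names, ENDPOINTS).items():
            print(f"  {'ok      ' if ok else 'MISMATCH'} {label}: {host}")
```
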
