I have the following configuration with Exchange Server 2010:
- I have a self-signed certificate which is associated with all the services (POP, SMTP etc.) except IIS (which is associated with a certificate issued by Verisign and it works perfectly on the webmail).
- When I visit the webmail (https://webmail.example.org/owa), it works perfectly.
- All Outlook clients are configured to use the server's local name (like DOMAIN.SERVER, because they're on the same LAN) and not the domain with which the webmail is associated.
The problem is:
When users connect to the Exchange Server (using the local LAN) through Outlook 2010, this warning is shown (in Italian):
Translation: it says that the certificate is issued by an authorized provider (VeriSign in this case), the date is valid BUT there's a name mismatch (the name written on the certificate doesn't correspond to the server's name).
If I press the "Show certificate" button (the last one in the picture above), the certificate associated with IIS is shown: how can it be possible? I mean, it should only be used when connecting through Webmail.
Is there a way to avoid using an SSL certificate in local LAN but only for webmail?
Thank you
UPDATE
This warning didn't show with Exchange 2003: we are using the same certificates.
Best Answer
Your certificate is for webmail.example.org. If you're connecting to your Exchange server via server.domain, then the name will not match the common name in the certificate, thus the error.
You either need a certificate that includes both names or you always have to use the external name (even when on the LAN).
To make sure your clients use the external connector for your Exchange services, here are a few commands that may help:
- EXCHANGE-SERVER is the hostname of your Exchange server
- exchange-server.yourdomain.com is the externally visible name of your Exchange server
Commands
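
The name check behind the warning, sketched as an added example (it is not part of the original answer and is not the commands the answer refers to): it reports which client-side names a certificate does not cover, for a single-name certificate and for one that includes both names. The certificate dictionaries are constructed samples in the shape Python's ssl.SSLSocket.getpeercert() returns, and server.domain stands in for the internal name as in the answer.

```python
# Added example: which names a client can use without a certificate name warning.
# Certificates are dicts in the shape returned by ssl.SSLSocket.getpeercert().

def cert_names(cert):
    """DNS names the certificate is valid for: SAN entries, else the subject CN."""
    san = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if san:
        return san
    return [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]

def name_matches(pattern, host):
    """Case-insensitive match; '*' is accepted only as the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*" and len(p) > 2:
        # A wildcard covers exactly one label, so compare the remaining labels.
        p, h = p[1:], h[1:]
    return p == h

def mismatches(cert, client_names):
    """Names from client_names that would trigger a name-mismatch warning."""
    names = cert_names(cert)
    return [h for h in client_names if not any(name_matches(n, h) for n in names)]

# Constructed sample data (assumptions, not values read from a real server).
SINGLE_NAME_CERT = {"subject": ((("commonName", "webmail.example.org"),),)}
TWO_NAME_CERT = {
    "subject": ((("commonName", "webmail.example.org"),),),
    "subjectAltName": (("DNS", "webmail.example.org"), ("DNS", "server.domain")),
}
CLIENT_NAMES = ["webmail.example.org", "server.domain"]

if __name__ == "__main__":
    for label, cert in (("single-name", SINGLE_NAME_CERT), ("two-name", TWO_NAME_CERT)):
        print(label, "certificate mismatches:", mismatches(cert, CLIENT_NAMES) or "none")
```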