Exchange Server - Exchange Anywhere, certificate not valid ?!

Asked By Andrew on 19-Nov-10 12:15 PM

Hi guys,
I have setup Exchange 2010 with Anywhere service but when I make
certificate request and complete process with download certificate
file, on Console it shows me that "certificate is not valid for
Exchange" and I cannot assign services to certificate.

I have tried both self-signed certificate or free from www.cacert.it but
give me the same error.
Maybe the problem is CA Authority? I have try to install also root
certificate but nothing to do.

Someone can help me how to troubleshoot it?

Thanks very much
Andrea

iann replied to Andrew on 19-Nov-10 02:13 PM

Are you requesting a web server certificate? Can you go through the
steps you took for requesting the certificate?

iann replied to Andrew on 19-Nov-10 02:15 PM

Can you list out the steps you took for requesting the certificate and
importing it?

Andrew replied to iann on 20-Nov-10 11:29 AM

Il 19/11/2010 20:15, iann ha scritto:

I have fixed it and now it is works!

The problem was rpcproxy, I have followed this article for resolve it:
http://www.exchange-genie.com/2008/02/configuring-outlook-anywhere-for-exchange-2007-sp1/

Now works but there is a little problem, my certificate is created for
FQDN internet domain (my.contoso.it), and when user place in inside lan
it shows invalid certificate error because does not match with site name
(myserver.local).

How I can avoid this message??

thanks again
Andrea

Typus Vulgaris replied to Andrew on 20-Nov-10 12:34 PM

//www.exchange-genie.com/2008/02/configuring-outlook-anywhere-fo...

Hi Andrea,

You should create certificate with SANs (subject alternative name) and
put all FQDNs to certificate.

--
typus

Andrew replied to Typus Vulgaris on 21-Nov-10 07:35 AM

Il 20/11/2010 18:34, Typus Vulgaris ha scritto:

Thanks typus, but I have already certificate with SAN, in detail of my
cert there is also this autodiscover:

Name DNS=autodiscover.mydomain.local

ANd when I open Outlook inside LAN it shows me warning certificate
message for "myservername.mydomain.local".

Maybe does not works fine autodiscover service?

--
Andrea

John Oliver, Jr. [MVP] replied to Andrew on 21-Nov-10 09:20 PM

Please list all SAN names.  In the link you provided for your
commercial UCC certificate, I could not find anywhere on their website
where this is provided.  I have also never heard a trusted third party
provider supplying these for free.  I would verify this the case
before going any further.

Andrew replied to John Oliver, Jr. [MVP] on 22-Nov-10 02:25 PM

Il 22/11/2010 03:20, John Oliver, Jr. [MVP] ha scritto:

I have resolve the problem creating from my CA a new certificate with all
domain listed in SANs and now working fine inside and outside lan.

thanks very much
Andrea

Previous Exchange Server Discussion: Get average messages per user and avergage email size?

Access over 40 UI widgets with everything from interactive menus to rich charts.