Wildcard Certificate security alert in Child Domain

  • Question

  • Hello,

    We have a Parent-Child domain architecture. We have one Exchange 2010 SP2 server (PARENTEX) in the Parent domain and one Exchange 2010 SP2 server in the child domain (CHILDEX). Both these servers are in a single Exchange organization. The PARENTEX email server is accessed via a TMG server for OWA, RPC and ActiveSync. The CHILDEX server's OWA is directly exposed outside (no TMG or ISA server). The OWA URL is different for each server (https://PARENTEX.OWA.com and https://CHILDEX.OWA.com). We have a single wildcard certificate from GoDaddy. For PARENTEX we have an internal root CA certificate, and the wildcard certificate is applied on TMG. OWA and RPCoverHTTP work without any issues for PARENTEX users when inside the office or outside the office.

    For CHILDEX we have applied the wildcard certificate on the server. OWA (https://CHILDEX.OWA.com) has no certificate issues. But when CHILDEX users access Outlook via RPCoverHTTP, they keep getting the Certificate Security Alert. I have added msstd:*.domain.com in CHILDEX, but still no luck.

    Kindly help me in getting rid of this certificate security alert.


    Friday, June 8, 2012 4:07 PM


All replies

  • What is the error in the certificate security alert?  Is it that it's not trusted, or that the name is wrong?  When you hold Ctrl and right-click the Outlook system tray icon, what URLs are being shown in the "Test E-mail AutoConfiguration" feature?

    Mike Crowley | MVP
    My Blog -- Planet Technologies

    Sunday, June 10, 2012 10:05 PM
  • The Certificate security alert says "Name of security certificate is invalid"

    The test auto configuration details are:

    Internal URL: https://childserver.childdomain.owa.com

    External URL: https://childex.owa.com

    Autodiscover URL: https://parentserver.owa.com/autodiscover/autodiscover.xml

    The certificate is wildcard as *.owa.com

    Monday, June 11, 2012 7:39 AM
  • Hello,

    Could you please provide a snapshot of the certificate warning in Outlook? I want to see the server name it connects to.



    Monday, June 11, 2012 9:25 AM
  • You may wish to ask your CA vendor to what depth the wildcards are expected to work.  I would expect that it only covers the first-level subdomain.

    Mike Crowley | MVP
    My Blog -- Planet Technologies

    Monday, June 11, 2012 9:10 PM
  • I checked with the vendor; the certificate is one-level only. So for second-level we need to buy an additional certificate.

    Thanks for help.

    Thursday, June 14, 2012 6:59 AM
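
The wildcard-depth rule the thread arrives at, as an added example that is not part of the original posts: it applies the left-most-label matching rule of RFC 6125 to the three URLs reported by Test E-mail AutoConfiguration. The function names `wildcard_covers` and `audit` are hypothetical, and rejecting a wildcard directly under a top-level domain (such as `*.com`) is a conservative assumption of this sketch.

```python
# Added example: checks which hostnames from the thread a wildcard
# certificate name covers, using the left-most-label rule of RFC 6125.
from urllib.parse import urlsplit


def wildcard_covers(pattern: str, hostname: str) -> bool:
    """Return True if a certificate name (exact or '*.' wildcard) covers hostname.

    The '*' stands for exactly one DNS label, and only in the left-most position.
    """
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels) or "" in h_labels:
        return False  # different depth: '*' never spans a dot
    if p_labels[0] == "*":
        # Assumption of this sketch: refuse '*.tld'; then compare every
        # label to the right of the wildcard exactly.
        return len(p_labels) > 2 and p_labels[1:] == h_labels[1:]
    if "*" in pattern:
        return False  # partial or non-leftmost wildcards are rejected here
    return p_labels == h_labels


def audit(cert_name: str, urls: dict) -> dict:
    """Map each named URL to True/False: does cert_name cover its host?"""
    return {name: wildcard_covers(cert_name, urlsplit(u).hostname)
            for name, u in urls.items()}


# URLs as reported by "Test E-mail AutoConfiguration" in the thread.
THREAD_URLS = {
    "internal": "https://childserver.childdomain.owa.com",
    "external": "https://childex.owa.com",
    "autodiscover": "https://parentserver.owa.com/autodiscover/autodiscover.xml",
}

if __name__ == "__main__":
    for name, ok in audit("*.owa.com", THREAD_URLS).items():
        print(f"{name:13} {'covered' if ok else 'NAME MISMATCH'}")
```

Only the internal URL fails, because `childserver.childdomain.owa.com` sits two labels below `owa.com`; a certificate for `*.childdomain.owa.com` or one listing that host as a subject alternative name would cover it.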