Wildcard Certificate security alert in Child Domain

Question
Hello,
We have a Parent-Child domain architecture. We have one Exchange 2010 SP2 (PARENTEX) server in the Parent domain and one Exchange 2010 SP2 server in the child domain (CHILDEX). Both these servers are in a single Exchange organization. The PARENTEX email server is accessed via a TMG server for OWA, RPC and ActiveSync. The CHILDEX server's OWA is directly exposed outside (no TMG or ISA server). The OWA URL is different for each server (https://PARENTEX.OWA.com and https://CHILDEX.OWA.com). We have a single wildcard certificate from GoDaddy. For PARENTEX we have an internal root CA certificate, and the wildcard certificate is applied on TMG. OWA and RPCoverHTTP work without any issues for PARENTEX users, whether inside or outside the office.
For CHILDEX we have applied the wildcard certificate on the server. OWA (https://CHILDEX.OWA.com) has no certificate issues. But when CHILDEX users access Outlook via RPCoverHTTP, they keep getting the Certificate Security Alert. I have added msstd:*.domain.com in CHILDEX, but still no luck.
Kindly help me in getting rid of this certificate security alert.
Thanks
Friday, June 8, 2012 4:07 PM
Answers
You may wish to ask your CA vendor to what depth the wildcards are expected to work. I would expect that it only covers the first-level subdomain.
Mike Crowley | MVP
My Blog -- Planet Technologies
- Proposed as answer by Simon_Wu, Microsoft contingent staff, Moderator Thursday, June 14, 2012 2:30 AM
- Marked as answer by AmitAggarwal Thursday, June 14, 2012 6:59 AM
Monday, June 11, 2012 9:10 PM
All replies
What is the error in the certificate security alert? Is it that it's not trusted, or that the name is wrong? When you hold Ctrl and right-click the Outlook system tray icon, what URLs are being shown in the "Test E-mail AutoConfiguration" feature?
Mike Crowley | MVP
My Blog -- Planet Technologies
Sunday, June 10, 2012 10:05 PM -
The Certificate security alert says "Name of security certificate is invalid"
The test auto configuration details are:
Internal URL: https://childserver.childdomain.owa.com
External URL: https://childex.owa.com
Autodiscover URL: https://parentserver.owa.com/autodiscover/autodiscover.xml
The certificate is a wildcard for *.owa.com
Monday, June 11, 2012 7:39 AM -
Hello,
Could you please provide a snapshot of the certificate warning in Outlook? I want to see the server name it connects to.
Thanks,
Simon
Monday, June 11, 2012 9:25 AM Moderator -
I checked with the vendor; the certificate is one-level only. So for the second level we need to buy an additional certificate.
Thanks for the help.
Thursday, June 14, 2012 6:59 AM
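
The name check behind this thread, as an added example that is not part of the original posts: it applies the left-most-label wildcard rule (as in RFC 6125, where `*` stands for exactly one DNS label) to the three URLs and the `*.owa.com` certificate name quoted above. The helper names `wildcard_matches` and `audit` are hypothetical, and this is a sketch of the rule, not Outlook's own code.

```python
from urllib.parse import urlsplit


def wildcard_matches(pattern: str, hostname: str) -> bool:
    """Return True if a certificate name covers the hostname.

    '*' is honoured only as the whole left-most label and stands for
    exactly one non-empty DNS label, so it never spans a dot.
    """
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    # Label counts must agree: this is what limits a wildcard to one level.
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        # Refuse overly broad names such as "*.com"; the rest must be exact.
        return len(p) > 2 and p[1:] == h[1:]
    # Anything else (including partial wildcards) is compared literally.
    return p == h


def audit(cert_names, urls):
    """Map each labelled URL to whether any certificate name covers its host."""
    results = {}
    for label, url in urls.items():
        host = urlsplit(url).hostname or ""
        results[label] = any(wildcard_matches(n, host) for n in cert_names)
    return results


# Values quoted in the thread.
CERT_NAMES = ["*.owa.com"]
URLS = {
    "Internal URL": "https://childserver.childdomain.owa.com",
    "External URL": "https://childex.owa.com",
    "Autodiscover URL": "https://parentserver.owa.com/autodiscover/autodiscover.xml",
}

if __name__ == "__main__":
    for label, ok in audit(CERT_NAMES, URLS).items():
        print(f"{label:17} {'covered' if ok else 'NAME MISMATCH'}")
```

Only the internal URL, which sits two labels below `owa.com`, fails the check; running the same audit against every URL a client is handed shows which names a replacement or additional certificate has to list.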