Self Signed Certificate

  • Question

  • I think I may have figured this out but just wanted to verify with all you techs. Here's what is going on. I recently renewed our Exchange Server certificate. By default, it gave me a CN=servername.local. If I access our OWA using the address https://mail.servername.com, I get a page with the following info:

    Certificate Error: Navigation Blocked 
    "The security certificate presented by this website was issued for a different website's address" 

    I am assuming that I need to re-create the certificate using SelfSSL with the correct CN=mail.servername.com. I would then need to bind this and add the cert to the trusted root authority.

    Am I on the right track? Or did I miss anything?
    Wednesday, March 30, 2011 6:45 PM

All replies

  • If you want to avoid errors you should use a commercial SSL certificate. When you can get these for less than $30/year for Exchange 2003 and $80/year for Exchange 2007 and higher, it becomes a false economy to use self signed certificates.
    http://certificatesforexchange.com/

    Even if you reissue the certificate you will still get an error because it isn't trusted.

    Simon.


    Simon Butler, Exchange MVP
    • Marked as answer by Sophia Xu Thursday, April 7, 2011 3:45 PM
    Wednesday, March 30, 2011 11:03 PM
  • Hi,

    According to your way, the certificate is not a trusted root. Before the certificate expires, you should renew a self-signed certificate or use a certificate signed by a trusted third-party. Because of the limitations of a self-signed certificate, Microsoft recommends that you replace the self-signed certificate with either a trusted third-party certificate or a certificate signed by a Windows PKI.

    For more information, please refer to the article ‘Understanding the Self-Signed Certificate in Exchange 2007’:

    http://technet.microsoft.com/en-us/library/bb851554(EXCHG.80).aspx

    Hope this helps.

    Thanks

    • Marked as answer by Sophia Xu Thursday, April 7, 2011 3:45 PM
    Friday, April 1, 2011 3:30 AM
  • Kindly check whether autodiscover is in your certificate; if it is not, then you have to redirect the URL by following the article below.

    http://support.microsoft.com/kb/940726

    Hope this helps.

    Thanks


    Viral R MCTS
    Friday, April 1, 2011 4:05 AM
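
The two checks discussed in this thread, as an added example that is not part of any post: a client tests the name match and the issuer trust independently, so correcting the CN alone leaves the trust error on every machine that has not imported the certificate. The certificates, the `autodiscover.servername.com` host name, the CA name and the trust-by-issuer-name shortcut are constructed assumptions; real clients verify signatures against root certificates.

```python
# Added example: constructed certificates, not data from the thread's server.

def name_matches(pattern, host):
    """RFC 6125-style match: '*' may stand for the left-most label only."""
    p, h = pattern.lower().split("."), host.lower().split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def presented_names(cert):
    """SAN dNSName entries win; the subject CN is consulted only without SANs."""
    return cert["san"] or [cert["cn"]]

def validate(cert, host, trusted_roots):
    """Return the independent errors a client would raise for this host."""
    errors = []
    if not any(name_matches(n, host) for n in presented_names(cert)):
        errors.append("name_mismatch")
    # Assumption: single-level chain, trust modelled by issuer name only.
    # A self-signed certificate is trusted only where it was imported.
    if cert["issuer"] not in trusted_roots:
        errors.append("untrusted_issuer")
    return errors

# Constructed sample certificates modelled on the names in the question.
RENEWED = {"cn": "servername.local", "san": [], "issuer": "servername.local"}
REISSUED = {"cn": "mail.servername.com", "san": [], "issuer": "mail.servername.com"}
CA_ISSUED = {"cn": "mail.servername.com",
             "san": ["mail.servername.com", "autodiscover.servername.com"],
             "issuer": "Example Public CA"}  # placeholder CA name

ADMIN_PC = {"Example Public CA", "mail.servername.com"}  # self-signed cert imported
OTHER_PC = {"Example Public CA"}                         # nothing imported

def report():
    """Evaluate every certificate / client / host combination."""
    hosts = ["mail.servername.com", "autodiscover.servername.com"]
    rows = {}
    for label, cert in [("renewed", RENEWED), ("reissued", REISSUED), ("ca", CA_ISSUED)]:
        for pc_label, roots in [("admin", ADMIN_PC), ("other", OTHER_PC)]:
            for host in hosts:
                rows[(label, pc_label, host)] = validate(cert, host, roots)
    return rows

if __name__ == "__main__":
    for key, errs in report().items():
        print(key, errs or "OK")
```
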
  • Dear, I also agree with sembee that if you want to avoid errors you should use a commercial SSL certificate. You can get an SSL certificate at a cheap price starting at $9 from http://www.sslmatrix.com, so why use a self-signed certificate?

    • Edited by SSLMatrix Tuesday, September 30, 2014 11:01 AM
    Friday, April 1, 2011 9:31 AM
  • What service(s) would I need to enable for OWA and ActiveSync?
    Friday, April 1, 2011 11:43 PM
  • On Fri, 1 Apr 2011 23:43:04 +0000, jh57 wrote:

    >What service(s) would I need to enable for OWA and ActiveSync?

    None. They're all running already.

    ---
    Rich Matheisen
    MCSE+I, Exchange MVP
    • Marked as answer by Sophia Xu Thursday, April 7, 2011 3:45 PM
    Saturday, April 2, 2011 5:44 PM