locked
Certificate Error Exchange 2010 RRS feed

  • Question

  • Guys,

     

    I'm getting a new error now. So far things were going good & we started to move folks over to the new exchange server. Folks connecting to the new CAS server are getting certificate   error ("Security Alert" DO you want to proceed)  on their Outlook clients only.

    I'm not looking to spend the $$ & buy a new SSL cert for outlook. IS there a work around?

     

    Thanks,

    Daman.


    Daman
    Monday, November 7, 2011 5:45 PM

Answers

  • These certificate warnings are due to your CAS services URLs not matching the names that are in your certificate. They must match. What names (SN/SAN) are in the certificate on the CAS server that is tied to the IIS service? Please read the following KB article for more info:

    http://support.microsoft.com/kb/940726


    Tim Harrington | MVP: Exchange | MCITP: EMA 2007/2010, MCITP: Lync 2010, MCITP: Server 2008, MCTS: OCS | Blog: http://HowDoUC.blogspot.com | Twitter: @twharrington
    • Proposed as answer by Sophia Xu Wednesday, November 9, 2011 5:45 AM
    • Marked as answer by Sophia Xu Tuesday, November 15, 2011 1:31 AM
    Monday, November 7, 2011 6:00 PM

All replies

  • These certificate warnings are due to your CAS services URLs not matching the names that are in your certificate. They must match. What names (SN/SAN) are in the certificate on the CAS server that is tied to the IIS service? Please read the following KB article for more info:

    http://support.microsoft.com/kb/940726


    Tim Harrington | MVP: Exchange | MCITP: EMA 2007/2010, MCITP: Lync 2010, MCITP: Server 2008, MCTS: OCS | Blog: http://HowDoUC.blogspot.com | Twitter: @twharrington
    • Proposed as answer by Sophia Xu Wednesday, November 9, 2011 5:45 AM
    • Marked as answer by Sophia Xu Tuesday, November 15, 2011 1:31 AM
    Monday, November 7, 2011 6:00 PM
  • You can't avoid SSL certificates, Exchange 2010 is built around web services.
    Spend the $80/year on the certificate and you will find that things go a lot smoother. Trying to find a work around is simply a waste of time (it doesn't really exist anyway). The self signed certificates that Exchange creates are not supported for use with Outlook Anywhere and ActiveSync, and the most common problems with Exchange 2010 are caused by people trying to avoid SSL certificates.

    Simon.


    Simon Butler, Exchange MVP
    Blog | Exchange Resources | In the UK? Hire Me.
    Monday, November 7, 2011 6:00 PM