Certificate errors due to non-ownership of domain name

  • Question

  • When our domain was set up 10 years ago, the IT pro that did it set up our domain as XXX.com. The issue we are having is that the domain name he used is owned by someone else. This is causing issues because whenever we open Outlook, users get two security warnings about a bad certificate due to the above error. We have tried to get the domain, but it is owned by a casino. We have also tossed around the idea of changing our domain to XXX.local, but this would cause major issues as well. Is there any way to fix the certificate or get around this issue? I have a few users who would like to access their Outlook email from outside the office but cannot, and we feel the certificate is probably the issue.
    Friday, December 23, 2011 5:24 AM

Answers

  • You must have your own domain that you use for email?

    If so, then you need to get a certificate for that domain.

    It will need to be a commercial Unified Communications, aka multiple domain, aka subject alternative name certificate. The names will be:

    mail.example.com (common name, used to access the server from the Internet)
    autodiscover.example.com
    server

    where example.com is your email domain and server is the name of your Exchange server.

    You will then need to set up a split DNS system so that your email domain and the host names resolve internally to the Exchange server.
    http://exchange.sembee.info/network/split-dns.asp

    Finally, you will need to change all of the host names in Exchange to match the public name that you do control. These are on OWA, OAB, Outlook Anywhere, EWS and ECP if Exchange 2010.
    There is also an entry on Set-ClientAccessServer for AutodiscoverServiceInternalURI which needs to be set to autodiscover.example.com.

    Basically removing all references inside Exchange to your internal domain name.

    Simon.


    Simon Butler, Exchange MVP
    Friday, December 23, 2011 8:24 PM
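
The host-name changes described in the answer above, followed by an audit for any URL still pointing at a name the certificate will not cover. This is an added example for the Exchange 2010 Management Shell, not code from the original thread. `EXCH01` is a hypothetical server name, `example.com` stands for the email domain as in the answer, and the `AutoDiscoverServiceInternalUri` parameter is given the full Autodiscover URL because it takes a URI.

```powershell
# Added example. Placeholders: EXCH01 (hypothetical server), example.com (your email domain).
$server     = 'EXCH01'
$publicHost = 'mail.example.com'
$autodHost  = 'autodiscover.example.com'

# Use the same public URL internally and externally; split DNS resolves it to the server inside.
Get-OwaVirtualDirectory -Server $server |
    Set-OwaVirtualDirectory -InternalUrl "https://$publicHost/owa" -ExternalUrl "https://$publicHost/owa"
Get-EcpVirtualDirectory -Server $server |
    Set-EcpVirtualDirectory -InternalUrl "https://$publicHost/ecp" -ExternalUrl "https://$publicHost/ecp"
Get-OabVirtualDirectory -Server $server |
    Set-OabVirtualDirectory -InternalUrl "https://$publicHost/OAB" -ExternalUrl "https://$publicHost/OAB"
Get-WebServicesVirtualDirectory -Server $server |
    Set-WebServicesVirtualDirectory -InternalUrl "https://$publicHost/EWS/Exchange.asmx" `
                                    -ExternalUrl "https://$publicHost/EWS/Exchange.asmx"

# Outlook Anywhere publishes a host name rather than a URL.
Get-OutlookAnywhere -Server $server | Set-OutlookAnywhere -ExternalHostname $publicHost

# Domain-joined Outlook clients read this value from Active Directory.
Set-ClientAccessServer -Identity $server `
    -AutoDiscoverServiceInternalUri "https://$autodHost/Autodiscover/Autodiscover.xml"

# Audit: list every configured URL whose host is not one of the public certificate names.
$allowed = @($publicHost, $autodHost)
$vdirs  = @()
$vdirs += Get-OwaVirtualDirectory         -Server $server
$vdirs += Get-EcpVirtualDirectory         -Server $server
$vdirs += Get-OabVirtualDirectory         -Server $server
$vdirs += Get-WebServicesVirtualDirectory -Server $server

$urls = @()
foreach ($v in $vdirs) { $urls += $v.InternalUrl; $urls += $v.ExternalUrl }
$urls += (Get-ClientAccessServer -Identity $server).AutoDiscoverServiceInternalUri

foreach ($url in ($urls | Where-Object { $_ })) {
    $hostName = ([uri]"$url").Host
    if ($allowed -notcontains $hostName) {
        Write-Warning "Not covered by the certificate names: $url"
    }
}
```

Any warning printed by the audit loop identifies a service that will still hand Outlook a name that does not match the certificate.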