locked
Exchange 2010 SSL wrong certificate RRS feed

  • Question

  • Have Exchange 2010, all the SPs and RUs. Three days ago all of our mobile devices stopped connecting to e-mail. However, Outlook and OWA are working fine.

    Error on device is "Cannot connect to server"

    Ran the connectivity analyzer and below is the error.

    I have a valid SSL certificate that expires in 2017. In the error, the SSL Certificate that is being pointed to is not ours. The site "rogansmemorials" is a valid place where we purchased flowers for a staff member, but we are in no way related to it. Somehow their SSL certificate has taken the place of ours.

    How do I fix this?

    ---------------------------------------------------

    Testing the SSL certificate to make sure it's valid.
    The SSL certificate failed one or more certificate validation checks.
    The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server autodiscover.ourwebsite.com on port 443.
    The Microsoft Connectivity Analyzer successfully obtained the remote SSL certificate.

    Additional Details
    Remote Certificate Subject: CN=www.rogansmemorials.com, OU=Domain Control Validated - RapidSSL(R), OU=See www.rapidssl.com/resources/cps (c)10, OU=GT84814419, O=www.rogansmemorials.com, C=US, SERIALNUMBER=fIZeLP-K7AU7ugSbLxM7c9vf33vaZ0Fl, Issuer: OU=Equifax Secure Certificate Authority, O=Equifax, C=US.

    Validating the certificate name.
    Certificate name validation failed.

    Additional Details
    Host name autodiscover.ourwebsite.com doesn't match any name found on the server certificate CN=www.rogansmemorials.com, OU=Domain Control Validated - RapidSSL(R), OU=See www.rapidssl.com/resources/cps (c)10, OU=GT84814419, O=www.rogansmemorials.com, C=US, SERIALNUMBER=fIZeLP-K7AU7ugSbLxM7c9vf33vaZ0Fl.

    --------------------------------------------------


    Cathy Burnham, MCSA

    Tuesday, April 1, 2014 4:02 PM

All replies

  • In the EAC is the wrong certificate showing for your server?  Is your original valid certificate still showing in the EAC for the server as well? If so, simply remove the invalid certificate from the EAC and assign the necessary services to the correct certificate.

    This link may help with that process: http://www.msexchange.org/articles-tutorials/exchange-server-2010/management-administration/managing-certificates-exchange-server-2010-part2.html

    • Proposed as answer by PS CL Wednesday, May 14, 2014 6:33 PM
    Thursday, April 3, 2014 1:47 PM
  • Any updates on this?
    Wednesday, April 30, 2014 2:20 PM
  • Oh man, what a trip this was. It turned out to be, of course, a DNS issue with our web host. I am utterly disappointed with myself for chasing my tail. I have learned (too many times) that when something really weird is happening that defies explanation, IT'S ALWAYS DNS.

    LOL, okay, maybe not always, but always consider it as a potential culprit, folks.


    Cathy Burnham, MCSA

    Thursday, May 15, 2014 5:10 PM