Skip to main content

Warning: The name of the security certificate is invalid or does not match the name of the site

If you use commercial SSL certificate for your organization's Outlook Web Access (OWA) you will have to manually change the certificate OWA uses since by default OWA uses self-signed certificate.

When you do that you need to enable new certificate for Exchange 2007 services. You do that by using Enable-ExchangeCertificate cmdlet in Exchange Management Shell. First:

Get-ExchangeCertificate | fl Subject, Thumbprint, Services

... to get the thumbprint of the certificate you want to enable for IIS and you previously imported into IIS. Then:

Enable-ExchangeCertificate -Thumbprint (COPYTHECORRECTTHUMBPRINTFROMPREVIOUSCOMMAND) -Services IIS

Now that your certificate is in place and enabled for IIS services you need to change Internal URL's to use new FQDN you are using in your certificate. If you don't do that you will get "The name of the security certificate is invalid or does not match the name of the site" warning when you start Outlook 2007. Let's presume your CAS server's name is CASSRV and the FQDN of the certificate is mail.exchangelog.info. So, to change internal URL's you need to run following commands:

Set-ClientAccessServer -Identity CASSRV -AutodiscoverServiceInternalUri https://mail.exchangelog.info/autodiscover/autodiscover.xml

Set-WebServicesVirtualDirectory -Identity "CASSRV\EWS (Default Web Site)" -InternalUrl https://mail.exchangelog.info/ews/exchange.asmx

Set-OABVirtualDirectory -Identity "CASSRV\OAB (Default Web Site)" -InternalUrl https://mail.exchangelog.info/oab

Set-UMVirtualDirectory -Identity "CASSRV\unifiedmessaging (Default Web Site)" -InternalUrl https://mail.exchangelog.info/unifiedmessaging/service.asmx

I suggest that you run get-WILLBEUSEDCOMMAND before you run Set- command where WILLBEUSEDCOMMAND is a command you plan to use in order to check/write down current settings always before you start changing things.

Related article: http://support.microsoft.com/default.aspx/kb/940726

Comments

Popular posts from this blog

Netscaler vs Exchange 2019 "time out during ssl handshake stage

If you are using Citrix Netscaler as load balancer in front of Exchange 2019 server you must know this: Microsoft Exchange 2019 is secured by default and allows only TLS 1.2. Therefore default schannel settings are as follows (using IISCrypto tool from Nartac Software): While Citrix Netscaler offers following Cipher Suites: TLS_RSA_WITH_AES_256_CBC_SHA TLS_RSA_WITH_AES_128_CBC_SHA TLS_DHE_RSA_WITH_AES_256_CBC_SHA TLS_DHE_RSA_WITH_AES_128_CBC_SHA TLS_DHE_DSS_WITH_AES_256_CBC_SHA TLS_DHE_DSS_WITH_AES_128_CBC_SHA TLS_RSA_WITH_DES_CBC_SHA TLS_RSA_EXPORT_WITH_DES40_CBC_SHA TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 TLS_DHE_DSS_WITH_DES_CBC_SHA TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA TLS_DHE_RSA_WITH_DES_CBC_SHA TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA TLS_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 TLS_DH_anon_WITH_DES_CBC_SHA TLS_DH_anon_WITH_AES_128_CBC_SHA TLS_DH_anon_WITH_AES_256_CBC_SHA TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA Now, you will fi

Change SMTP port 25 in Exchange 2007, 2010

For some reason you might want to change default SMTP port number 25 Exchange 2007 is using. Exchange 2007 uses RECEIVE AND SEND connectors, one for receiving mails and other for sending mails (obviously ;) So you need to change ports on those connectors. I will not say those two, because you might be using more than two. You change Receive connector port by opening the connector properties in Exchange Management Console --> Hub Transport --> RECEIVECONNECTORNAME --> Properties --> Network --> Local IP Addresses (Edit Receive Connector Binding) Just to clarify what "Local IP Addresses" and "Remote Servers" are (from Exchange 2007 help), because I find it little bit confusing: Use these local IP Addresses to receive mail Use this list to specify the IP addresses and port numbers on which this Receive connector listens for incoming mail. Receive mail from remote servers which have these IP addresses Use this list to specify the

Exchange Admin Center language

Depending on your computer language settings, Exchange Admin Center can take those and open in a language you actually don't want to use. You'll Google that this can be changed if administrator/ admin user has mailbox by openening OWA settings and changing Regional parameters. But usually Admin user does not have mailbox or you don't want her/him to have it. You will search again and find that you can add mkt=en-US (as an example) to the URL of the Exchange Admin Center (https://yourexchangehostname/ecp?ExchClientVer=15&mkt=en-US) Third option you have is opening Internet Explorer settings (I am using Windows 2016) Click languages Click Set Language Preferences Add language you want to use by clicking Add language Use Move up or Move Down options to put desired language on top Close Internet Explorer Open it again and login again to Exchange Admin Center