Skip to main content

Warning: The name of the security certificate is invalid or does not match the name of the site

If you use commercial SSL certificate for your organization's Outlook Web Access (OWA) you will have to manually change the certificate OWA uses since by default OWA uses self-signed certificate.

When you do that you need to enable new certificate for Exchange 2007 services. You do that by using Enable-ExchangeCertificate cmdlet in Exchange Management Shell. First:

Get-ExchangeCertificate | fl Subject, Thumbprint, Services

... to get the thumbprint of the certificate you want to enable for IIS and you previously imported into IIS. Then:

Enable-ExchangeCertificate -Thumbprint (COPYTHECORRECTTHUMBPRINTFROMPREVIOUSCOMMAND) -Services IIS

Now that your certificate is in place and enabled for IIS services you need to change Internal URL's to use new FQDN you are using in your certificate. If you don't do that you will get "The name of the security certificate is invalid or does not match the name of the site" warning when you start Outlook 2007. Let's presume your CAS server's name is CASSRV and the FQDN of the certificate is mail.exchangelog.info. So, to change internal URL's you need to run following commands:

Set-ClientAccessServer -Identity CASSRV -AutodiscoverServiceInternalUri https://mail.exchangelog.info/autodiscover/autodiscover.xml

Set-WebServicesVirtualDirectory -Identity "CASSRV\EWS (Default Web Site)" -InternalUrl https://mail.exchangelog.info/ews/exchange.asmx

Set-OABVirtualDirectory -Identity "CASSRV\OAB (Default Web Site)" -InternalUrl https://mail.exchangelog.info/oab

Set-UMVirtualDirectory -Identity "CASSRV\unifiedmessaging (Default Web Site)" -InternalUrl https://mail.exchangelog.info/unifiedmessaging/service.asmx

I suggest that you run get-WILLBEUSEDCOMMAND before you run Set- command where WILLBEUSEDCOMMAND is a command you plan to use in order to check/write down current settings always before you start changing things.

Related article: http://support.microsoft.com/default.aspx/kb/940726

Comments

Popular posts from this blog

Error "<#5.5.2 smtp;554 5.5.2 Invalid data in message> #SMTP#" when you send attachment in your mail

Some users were receiving error <#5.5.2 smtp;554 5.5.2 Invalid data in message> #SMTP# when they sent message with attachment. The problem is when attached document name is longer than 50 characters. Some Firewalls have header size restriction and that limit blocks this messages to be sent. To correct this, change header limit on affected Firewall or shorten the name of the document you are sending (which is probably not good permanent solution).******
Update #1: Default header size limit in Exchange 2007 is 64K.Update #2: It might be the SMTP version problem. Mail is rejected with CONTENT-DISPOSITION error (overly long message header field for CONTENT-DISPOSITION) but not for all SMTP servers (same mail sent through different SMTP servers). If you send mail with attachment that has name longer than 50 characters from Exchange 2007 directly through DNS you may encounter this error, but if you send same mail from Exchange 2007 through smart host (other than Exchange) mail is d…

Change SMTP port 25 in Exchange 2007, 2010

For some reason you might want to change default SMTP port number 25 Exchange 2007 is using. Exchange 2007 uses RECEIVE AND SEND connectors, one for receiving mails and other for sending mails (obviously ;)
So you need to change ports on those connectors. I will not say those two, because you might be using more than two.
You change Receive connector port by opening the connector properties in Exchange Management Console --> Hub Transport --> RECEIVECONNECTORNAME --> Properties --> Network --> Local IP Addresses (Edit Receive Connector Binding)
Just to clarify what "Local IP Addresses" and "Remote Servers" are (from Exchange 2007 help), because I find it little bit confusing: Use these local IP Addresses to receive mail Use this list to specify the IP addresses and port numbers on which this Receive connector listens for incoming mail. Receive mail from remote servers which have these IP addresses Use this list to specify the remote IP address range fr…

Restore Time Machine backup from Synology

If you find yourself in a situation where you need to restore your Mac from a Synology NAS, you will find out pretty soon after you enter the recovery mode, that backup disk is not visible in recovery window. Steps need to be executed in order Recovery process to find NAS.

Best practise is to name Time Machine shared folder on Synology without spaces. Second, if you are using a password with spaces, which I strongly suggest from security point of view, always put it between ' ' example: 'This is my password'.

Enter the OS X recovery mode by holding Command +R (when Mac restarts and display is grey)When window with options is presented, select Utilities from the bar and select TerminalIn Terminal use following commands:Cd /Volumesls /laCreate a folder to mount Synology to by typing mkdir synologyNow mount your NAS by entering following commandmount -t afp afp://admin:password@10.10.10.11/TimeMachine synology Where admin is your username with administrative rights, passwo…