Security certificate is invalid or does not match the name of the site Error (Outlook 2007)

From ben.goodacre.name/tech

Jump to: navigation, search

Symptom

Outlook 2007 users utilise 'autodiscover' and consequently get a SSL certificate error relating to a mismatch between the name on the SSL certificate and the host name used to access Exchange:

Information you exchange with this site cannot be viewed or changed by others.
However, there is a problem with the site's security certificate.
   X   The name of the security certificate is invalid or does not match the name of the site

Cause

As Outlook is accessing SSL via an internal hostname such as exchange-cas.companyabc.local on SSL that is setup for an external host name such as webmail.companyabc.com the host names do not match and the above error occurs.

Solution

The best solution for this is to change the InternalURL property for various functions and also to set an internal DNS record for the external host name, in this example webmail.companyabc.com . After which the following must be done in EMS:

Get-ClientAccessServer -Identity Ex-CAS-Server| FL
Set-ClientAccessServer -Identity Ex-CAS-Server -AutoDiscoverServiceInternalUri https://webmail.companyabc.com/Autodiscover/Autodiscover.xml

Get-WebServicesVirtualDirectory -Identity  “Ex-CAS-Server\EWS (Default Web Site)”
Set-WebServicesVirtualDirectory -Identity “Ex-CAS-Server\EWS (Default Web Site)” -InternalURL https://webmail.companyabc.com/EWS/Exchange.asmx -BasicAuthentication:$true

Get-OabVirtualDirectory -Identity "Ex-CAS-Server\OAB (Default Web Site)"
Set-OabVirtualDirectory -Identity "Ex-CAS-Server\OAB (Default Web Site)" -InternalURL https://webmail.companyabc.com/OAB
Personal tools
Namespaces
Variants
Actions
Navigation
Toolbox