Exchange 2010 - Certificate error on internal Outlook 2013 connections

Posted by Lorenz Meyer on Server Fault See other posts from Server Fault or by Lorenz Meyer
Published on 2014-08-06T06:56:58Z Indexed on 2014/08/19 16:22 UTC
Read the original article Hit count: 258

I have an Exchange 2010 and Outlook 2003. The exchange server has a wildcard SSL certificate installed *.domain.com, (for use with autodiscover.domain.com and mail.domain.com). The local fqdn of the Exchange server is exch.domain.local. With this configuration there is no problem.

Now I started upgrading all Outlook 2003 to Outlook 2013, and I start to get consistently a certificate error in Outlook :

The Name on the security certificate is invalid or does not match the name of the site

I understand why I get that error: Outlook 2013 is connecting to exch.domain.local while the certificate is for *.domain.com.

I was ready to buy a SAN (Subject Alternate Names) Certificate, that contains the three domains exch.domain.local, mail.domain.com, autodiscover.domain.com. But there is a hindrance: the certificate provider (in my case Godaddy) requires that the domain is validated as being our property. Now it is not possible for an internal domain that is not accessible from the internet. So this turns out not to be an option.

Create self-signed SAN certificate with an Enterprise CA is an other option that is barely viable: There would be certificate error with every access to webmail, and I had to install the certificate on all Outlook clients.

What is a recommended viable solution ?

Is it possible to disable certificate checking in Outlook ?
Or how could I change the Exchange server configuration so that the public domain name is used for all connections ?
Or is there another solution I'm not thinking of ?

Any advice is welcome.

© Server Fault or respective owner

Related posts about exchange-2010

Related posts about ssl-certificate