Error: 'The name of the security certificate is invalid or does not match the name of the site'

When Microsoft Outlook 2007 users connect to an Exchange 2007 server, they may experience the error: The name of the security certificate is invalid or does not match the name of the site. Fortunately, this doesn't mean a third party has hijacked your Exchange server for nefarious ends or monkeyed around with your security certificate.

The security certificate error only occurs when a Microsoft Outlook 2007 user connects to Exchange Server from within the local network and when one of the following conditions is present:

1. The default self-signed Exchange Server 2007 certificate, which is generated when Exchange 2007 is installed, has been replaced with a new one.
2. The common name on the new certificate does not match the fully qualified domain name (FQDN), of the URL for:
• The Service Connection Point object for the Autodiscover service
• The InternalURL attribute of the Exchange 2007 Web Service (EWS), the Offline Address Book Web service, or the Exchange Unified Messaging (UM) Web service.

The URL that stores these objects employs the NetBIOS name of the server. So if you change the NetBIOS name of the Exchange server, the URL changes as well.

If your Exchange server is named utena and you're in the domain ohtori.org, the Autodiscover service's URL will be https://utena.ohtori.org/autodiscover/autodiscover.xml.

If the FQDN in the replacement certificate uses something like mail.ohtori.org, this will create a mismatch and you'll get the aforementioned error.

The best way to fix this is not to create a new security certificate -- that would involve too much hassle. Instead, you need to replace the URLs for the affected Exchange...

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT User Authentication for Microsoft Outlook and OWA Lock down direct file access and protect OWA users Obtaining and verifying SSL certificates in Exchange Server Top 5 Outlook Web Access (OWA) tips of 2008 Manage user rights and access to Outlook Web Access (OWA) mailboxes Create a secure Microsoft Outlook Web Access (OWA) redirect page Why does a security alert pop up when accessing Outlook Web Access? OWA won't load after applying Exchange 2007 SP1 security patch Minimize remote and mobile Outlook Web Access (OWA) security risks How to improve Outlook Web Access (OWA) security Alleviate Outlook Web Access (OWA) email attachment security issues Microsoft Outlook Outlook 2007 shut-down problems and fixes Microsoft Outlook and SharePoint calendar dos and don'ts Free tools facilitate large-scale Outlook and SharePoint integrations Exchange Mailbag: POP3 settings and Outlook issues Pros and cons of Outlook 2007's storage engine redesign Fix Outlook 2007 and SharePoint synchronization breaks Email issues after configuring hosted Exchange server on laptop Avoid Outlook 2007 performance issues during repairs A behind-the-scenes look at Outlook 2007 and SharePoint integration When to use a self-signed certificate with Exchange Server 2007 Microsoft Outlook Research Microsoft Exchange Server 2007 Is your Exchange 2007 hub transport server healthy? Top 5 Exchange ActiveSync tips Two useful tools for documenting an Exchange Server installation Controlling spam in Exchange 2007 at the edge transport server level Restore Exchange storage groups with DPM 2007 How a hosted Exchange service can help you Email issues after configuring hosted Exchange server on laptop Migrating to Exchange 2007 with correct permissions Virtualize Exchange Server 2007 -- without losing your job How DSAccess service improves Exchange Server 2007 reliability Microsoft Exchange Server 2007 Research

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary Vouch by Reference (VBR)  (SearchExchange.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary

2007 components.

You do this from the command line by using the Exchange Management Shell. Exact instructions are documented in Microsoft Knowledge Base article 940726. The commands can be copied out, modified as needed, and then pasted into a shell session to make the job all that much easier.

If you're thinking about replacing the native Exchange 2007 security certificate with a third-party certificate to preemptively avoid this problem, look for a certificate authority that supports Subject Alternative Names (this link describes how to add a certificate to Exchange 2007 that supports SAN fields, since the process requires some manual work to implement correctly).

Using Subject Alternative Names allows a certificate to provide multiple namespace references for objects. This means you can have the same object covered with multiple name references through a single certificate.

About the author: Serdar Yegulalp is editor of Windows Insight, a newsletter devoted to hints, tips, tricks, news and goodies for all flavors of Windows users.

MEMBER FEEDBACK TO THIS EXCHANGE SERVER TIP

This tip is excellent. Everywhere else I have read stated that a new certificate was required. I have made these simple changes and now both internal and external users are getting a true secure connection to the Exchange server. Thanks.
—Eric M.

Do you have comments on this tip? Let us know.

Please let others know how useful this tip was via the rating scale below. Do you know a helpful Exchange Server, Microsoft Outlook or SharePoint tip, timesaver or workaround? Email the editors to talk about writing for SearchExchange.com.

Rate this Tip To rate tips, you must be a member of SearchExchange.com. Register now to start rating these tips. Log in if you are already a member. DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.