Monday, July 12, 2010

Common Name matters for Outlook Anywhere Certificate (Exchange 2007)

Came across this a while ago during my earlier deployments of Exchange 2007:

Common name was webmail.domain.ca and the SAN entry was mail.domain.ca.

Testing SSL mutual authentication with RPC Proxy server

Failed to verify Mutual Authentication

Additional Details

The certificate common name webmail.domain.ca, doesn't validate against Mutual Authentication string provided msstd:mail.domain.ca

What I learned here is that the URL you’re going to use for Outlook Anywhere HAS TO be the first entry if you’re using a SAN.

I remember trying to ask at Tech Ed 2010 North America whether this and the wildcard problem with iPhones were fixed in Exchange 2010 but didn’t end up getting an answer.
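
The mismatch in the analyzer output above, as an added example that is not part of the original post: a check that classifies a certificate against an `msstd:` string, showing how a name can be present in the SAN list and still fail because it is not the common name. The certificate dictionary is constructed sample data in the layout Python's `ssl.SSLSocket.getpeercert()` returns, and the exact, case-insensitive comparison against the CN is an assumption taken from the error text.

```python
def _norm(name):
    """Lower-case a DNS name and drop surrounding space and a trailing dot."""
    return name.strip().rstrip(".").lower()


def cert_names(cert):
    """Return (common names, DNS SAN entries) from a getpeercert()-style dict."""
    cns = [_norm(value)
           for rdn in cert.get("subject", ())
           for key, value in rdn
           if key == "commonName"]
    sans = [_norm(value)
            for kind, value in cert.get("subjectAltName", ())
            if kind == "DNS"]
    return cns, sans


def check_msstd(cert, principal):
    """Classify a certificate against an msstd: principal string.

    Returns 'cn-match', 'san-only' or 'no-match'.
    Assumption: the name must equal the subject CN exactly (ignoring case),
    as the analyzer message quoted in the post describes.
    """
    prefix = "msstd:"
    if not principal.lower().startswith(prefix):
        raise ValueError("expected an msstd: principal, got %r" % principal)
    wanted = _norm(principal[len(prefix):])
    cns, sans = cert_names(cert)
    if wanted in cns:
        return "cn-match"
    if wanted in sans:
        return "san-only"   # fine for a browser, fails the msstd check
    return "no-match"


# Constructed sample mirroring the post: CN webmail.domain.ca, SAN mail.domain.ca.
POST_CERT = {
    "subject": ((("commonName", "webmail.domain.ca"),),),
    "subjectAltName": (("DNS", "webmail.domain.ca"), ("DNS", "mail.domain.ca")),
}

if __name__ == "__main__":
    for principal in ("msstd:mail.domain.ca", "msstd:webmail.domain.ca"):
        print(principal, "->", check_msstd(POST_CERT, principal))
```

A `san-only` result is the situation in the post; `cn-match` is what the analyzer expects.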

2 comments:

Anonymous said...

Terence, that's not exactly right, to solve the mentioned error, all you need to do is match your "externalhostname" to the common name of your certificate by using set-outlookanywhere command.

Frank said...

This is a good alternative for all kinds of SSL.