The Name on the security certificate is invalid or does not match the name of the site
After following the articles I posted about a few days ago about our exchange 2003 to 2010 upgrade, we ran into another hiccup. You receive an error when opening outlook “The Name on the security certificate is invalid or does not match the name of the site.” This is because our certificate didnt match the fqdn of the mail server. For us the fqdn was exchange.ads.ssc.wisc.edu, and the cert was for exchange.ssc.wisc.edu. After some googlefoo, I found the solution.
You can change all but two of teh URL’s in the exchange management console. Go to server configuration, then to the CAS role. When you open on properties on the different sections (OWA, ECP, etc), you will see the url’s used both internally and externally. Change all those to match the cert (in our case the outside facing url was right). That will get you all but two. The next two have to be done in the exchnage powershell environment.
You can start by typing:
Get-ClientAccessServer -identity CASservername | FL
At the top of the returned info is AutoDiscoverServiceInternalUri. That will be pointing to the wrong url. To change it, type the following:
Set-ClientAccessServer -Identity "CASServerName" -AutodiscoverServiceInternalURI https://domainonthecert/autodiscover/autodiscover.xml
My code was:
Set-ClientAccessServer -Identity "exchange" -AutodiscoverServiceInternalURI https://exchange.ssc.wisc.edu/autodiscover/autodiscover.xml
If you run the first command again, you can verify it has been changed. Second command is this:
Get-WebServicesVirtualDirectory
To fix this one, we would use:
Set-WebServicesVirtualDirectory -Identity "CASservername\EWS (Default Web Site)" -InternalUrl https://domainonthecert/EWS/Exchange.asmx
For example, here is what I put in:
Set-WebServicesVirtualDirectory -Identity "exchange\EWS (Default Web Site)" -InternalUrl https://exchange.ssc.wisc.edu/EWS/Exchange.asmx
After that, go to IIS, open up the application pool, and right click on MSExchangeAutodiscoverAppPool and click recycle.
After that, Outlook opened without any more errors.