Question : Microsoft Exchange 2010


I have a single server that is currently running Windows Server 2008 and configured as a domain controller. I am using this box for testing and have installed Exchange 2010 onto it as well. The server currently has the same domain name configured as a production domain I work with. The server has an SSL certificate that is valid for both and This SSL certificate is currently being used by Exchange.

I have hit an issue with the FQDN of the server and the SSL being used by Outlook clients when connecting to Exchange. When I use Outlook to connect to the server I am always prompted with an SSL error that states the certificate does not match the name of the host.

To try and stop this I configured Outlook to connect to but (I guess because of autodiscover?) it automatically changes to upon saving account settings. Launching Outlook obviously then displays the same SSL error.

I have looked at changing the verious URLs used by Exchange 2010 to try and stop the SSL error from happening. I guess what I need to achieve is the changing of URLs used by Exchange 2010 from to I can make resolve internally and externally to the same server and obviously the SSL would be vaild for such a URL.

I read this article:

I have tested modifying the internal URLs as per that article and tried connecting Outlook to but it couldn't connect and Outlook still changed the server name to!

I have also seen this article:

which is for Exchange 2007 but the principle is the same. I believe that what I changed on my Exchange 2010 server based upon the Microsoft article looks to be the same as the above blog anyway.

So if I am correct in assuming what I need to do, is it possible to change the URLs so that both internally and externally Outlook clients (external clients would be using Outlook anywhere) connect to and not and are not prompted with the SSL error?

Changing the current SSL certificate for anything different is not an option.

Answer : Microsoft Exchange 2010

Is your active directory domain setup as

Getting A UCC certificate _is_ going to be the easiest way to fix (I know you dont want to, just putting it out there, it is the CORRECT way to do it)

This deals with a lot of the concepts that you are trying to work with (it is for 2007 but it is the same in 2010)

You can look at setting up certificate services on your domain and creating a CSR from exchange and issuing it from your own CA.

Random Solutions  
programming4us programming4us