Outlook Anywhere SSL problem

[Schoolies]

I have to be missing something simple here...

Outlook clients can connect remotely and everything works just fine... except it complains of an SSL certificate problem - but that only shows up about 30 seconds after you've already connected and it is saying the main external domain certificate is not valid. If you just bypass the cert error - Outlook continues to work without any problems.

There is a valid certificate for mail.company.com which is where the 2008 SBS server is located but I do not have a certificate for company.com because that is the web server.

So something is pointing to company.com when it really should be mail.company.com. I've looked around the internal/external URLs and don't see anything wrong there.

Driving me nuts!
thanks for your suggestions!

 

[drebo]

Typically, you'll use a UCS certificate so you have one certificate securing all domains in use. You also typically will need a certificate for both the internal and the external names of the server.

Without a bit more information (the cert path that's actually in use by outlook anywhere, as well as what you actually expect), it'll be tough to identify.

 

[Schoolies]

Thanks drebo. I have a multiple domain UCC certificate from GoDaddy with the following subject alt names:

mail.company.com
company.com
server
server.domain.local

 

[drebo]

And this cert is applied to the Default instance in IIS?

 

[Schoolies]

Hi Drebo,

Yes it is. It is a 2008 SBS server, so it is on the SBS Web Applications site.
*edit: sorry 2008, sbs not 2003.

 

[drebo]

Well, again, check the certificate trust paths that you get and that you expect. Make sure that you loaded the intermediary certificates on the server PRIOR to loading the SAN certificate. If you didn't, uninstall the SAN certificate and then import the intermediaries (they'll be p7b files in the zip you downloaded from godaddy) and then reimport the cert.