Could not match host name in server certificate

Similar Messages

• SSLException: Name in certificate "host1" does not match host name "host2"

  Hi all,
  I am using a hosted WebDAV/Subversion service to store my files. The provider has connected my domain name to the service, so now I can access the service through my domain name :-)
  However, the provider cannot assign a static dedicated IP for the server which provides my content, hence he cannot set an SSL certificate for my domain name. Any time I access the service I am getting an SSL warning telling me that the domain name does not match that on the certificate... So far had no problem with that. The Web browser, the Windows Explorer, and the Subversion client allow me to accept the connection.
  Now I need to set up some automatic build software (Maven) and it appears that the JRE has a problem with these name mismatches -- it just throws an exception and does not allow me to accept the connection :-( In order to ensure that this is a JRE problem, I have tried to connect to the service with a Java-based WebDAV client (DAVExplorer) -- same thing -- here is the message thrown by DAVExplorer:
  javax.net.ssl.SSLException: Name in certificate "his.domain.name" does not match host name "my.domain.name"
  Is there some configuration file, system property or switch that I can use to make the JRE ignore the domain name mismatch thing?
  Please help,
  Adrian.

  Here is a quick example I put together. Most of the code was autogenerated by Eclipse "Generate Delegate Methods" on the urlConn field of the class. This is just an example; I haven't given it much thought; it probably opens up other security holes and I take no responsibility for it.
  In my example, I have an SSL server with the name "dawntreader" in the certificate, but my URL is https://192.168.10.7/ which triggers the name mismatch. I have not actually tested it with maven, but looking at these docs (http://maven.apache.org/guides/mini/guide-repository-ssl.html) I think that you should be able to add the following to the MAVEN_OPTS environment variable: -Djava.protocol.handler.pkgs=MyHttpsUrlConnection and make sure the MyHttpsUrlConnection.class file is on the classpath
  import java.io.IOException;
  import java.io.InputStream;
  import java.io.OutputStream;
  import java.net.MalformedURLException;
  import java.net.ProtocolException;
  import java.net.URL;
  import java.security.Permission;
  import java.security.Principal;
  import java.security.cert.Certificate;
  import java.util.List;
  import java.util.Map;
  import javax.net.ssl.HostnameVerifier;
  import javax.net.ssl.HttpsURLConnection;
  import javax.net.ssl.SSLPeerUnverifiedException;
  import javax.net.ssl.SSLSession;
  import javax.net.ssl.SSLSocketFactory;
  import javax.security.auth.x500.X500Principal;
  public class MyHttpsURLConnection extends HttpsURLConnection
      static class MyHostnameVerifier implements HostnameVerifier
          private static final String EXPECTED_HOSTNAME = "dawntreader";
          private String getCN(String DN)
              String [] dnComponents = DN.split(",");
              // Find one that starts with CN=
              for (String component : dnComponents)
                  if (component.startsWith("cn="))
                      return component.substring(3);
              return "";
          @Override
          public boolean verify(String hostname, SSLSession session)
              try
                  X500Principal peerPrincipal = (X500Principal) session.getPeerPrincipal();
                  String DN = peerPrincipal.getName("CANONICAL");
                  // now parse the CN out of the effing DN
                  // We should also get the subject alternative names
                  // from the peer certificate
                  String CN = getCN(DN);
                  return CN.equals(EXPECTED_HOSTNAME);
              } catch (SSLPeerUnverifiedException e)
                  return false;
      private final HttpsURLConnection urlConn;
      public MyHttpsURLConnection(URL url) throws IOException
          super(url);
          urlConn = (HttpsURLConnection) url.openConnection();
          urlConn.setHostnameVerifier(new MyHostnameVerifier());
      public void addRequestProperty(String key, String value)
          this.urlConn.addRequestProperty(key, value);
      public void connect() throws IOException
          this.urlConn.connect();
      public void disconnect()
          this.urlConn.disconnect();
      public boolean equals(Object obj)
          return this.urlConn.equals(obj);
      public boolean getAllowUserInteraction()
          return this.urlConn.getAllowUserInteraction();
      public String getCipherSuite()
          return this.urlConn.getCipherSuite();
      public int getConnectTimeout()
          return this.urlConn.getConnectTimeout();
      public Object getContent() throws IOException
          return this.urlConn.getContent();
      public Object getContent(Class[] classes) throws IOException
          return this.urlConn.getContent(classes);
      public String getContentEncoding()
          return this.urlConn.getContentEncoding();
      public int getContentLength()
          return this.urlConn.getContentLength();
      public String getContentType()
          return this.urlConn.getContentType();
      public long getDate()
          return this.urlConn.getDate();
      public boolean getDefaultUseCaches()
          return this.urlConn.getDefaultUseCaches();
      public boolean getDoInput()
          return this.urlConn.getDoInput();
      public boolean getDoOutput()
          return this.urlConn.getDoOutput();
      public InputStream getErrorStream()
          return this.urlConn.getErrorStream();
      public long getExpiration()
          return this.urlConn.getExpiration();
      public String getHeaderField(int n)
          return this.urlConn.getHeaderField(n);
      public String getHeaderField(String name)
          return this.urlConn.getHeaderField(name);
      public long getHeaderFieldDate(String name, long Default)
          return this.urlConn.getHeaderFieldDate(name, Default);
      public int getHeaderFieldInt(String name, int Default)
          return this.urlConn.getHeaderFieldInt(name, Default);
      public String getHeaderFieldKey(int n)
          return this.urlConn.getHeaderFieldKey(n);
      public Map<String, List<String>> getHeaderFields()
          return this.urlConn.getHeaderFields();
      public HostnameVerifier getHostnameVerifier()
          return this.urlConn.getHostnameVerifier();
      public long getIfModifiedSince()
          return this.urlConn.getIfModifiedSince();
      public InputStream getInputStream() throws IOException
          return this.urlConn.getInputStream();
      public boolean getInstanceFollowRedirects()
          return this.urlConn.getInstanceFollowRedirects();
      public long getLastModified()
          return this.urlConn.getLastModified();
      public Certificate[] getLocalCertificates()
          return this.urlConn.getLocalCertificates();
      public Principal getLocalPrincipal()
          return this.urlConn.getLocalPrincipal();
      public OutputStream getOutputStream() throws IOException
          return this.urlConn.getOutputStream();
      public Principal getPeerPrincipal() throws SSLPeerUnverifiedException
          return this.urlConn.getPeerPrincipal();
      public Permission getPermission() throws IOException
          return this.urlConn.getPermission();
      public int getReadTimeout()
          return this.urlConn.getReadTimeout();
      public String getRequestMethod()
          return this.urlConn.getRequestMethod();
      public Map<String, List<String>> getRequestProperties()
          return this.urlConn.getRequestProperties();
      public String getRequestProperty(String key)
          return this.urlConn.getRequestProperty(key);
      public int getResponseCode() throws IOException
          return this.urlConn.getResponseCode();
      public String getResponseMessage() throws IOException
          return this.urlConn.getResponseMessage();
      public Certificate[] getServerCertificates() throws SSLPeerUnverifiedException
          return this.urlConn.getServerCertificates();
      public SSLSocketFactory getSSLSocketFactory()
          return this.urlConn.getSSLSocketFactory();
      public URL getURL()
          return this.urlConn.getURL();
      public boolean getUseCaches()
          return this.urlConn.getUseCaches();
      public int hashCode()
          return this.urlConn.hashCode();
      public void setAllowUserInteraction(boolean allowuserinteraction)
          this.urlConn.setAllowUserInteraction(allowuserinteraction);
      public void setChunkedStreamingMode(int chunklen)
          this.urlConn.setChunkedStreamingMode(chunklen);
      public void setConnectTimeout(int timeout)
          this.urlConn.setConnectTimeout(timeout);
      public void setDefaultUseCaches(boolean defaultusecaches)
          this.urlConn.setDefaultUseCaches(defaultusecaches);
      public void setDoInput(boolean doinput)
          this.urlConn.setDoInput(doinput);
      public void setDoOutput(boolean dooutput)
          this.urlConn.setDoOutput(dooutput);
      public void setFixedLengthStreamingMode(int contentLength)
          this.urlConn.setFixedLengthStreamingMode(contentLength);
      public void setHostnameVerifier(HostnameVerifier v)
          this.urlConn.setHostnameVerifier(v);
      public void setIfModifiedSince(long ifmodifiedsince)
          this.urlConn.setIfModifiedSince(ifmodifiedsince);
      public void setInstanceFollowRedirects(boolean followRedirects)
          this.urlConn.setInstanceFollowRedirects(followRedirects);
      public void setReadTimeout(int timeout)
          this.urlConn.setReadTimeout(timeout);
      public void setRequestMethod(String method) throws ProtocolException
          this.urlConn.setRequestMethod(method);
      public void setRequestProperty(String key, String value)
          this.urlConn.setRequestProperty(key, value);
      public void setSSLSocketFactory(SSLSocketFactory sf)
          this.urlConn.setSSLSocketFactory(sf);
      public void setUseCaches(boolean usecaches)
          this.urlConn.setUseCaches(usecaches);
      public String toString()
          return this.urlConn.toString();
      public boolean usingProxy()
          return this.urlConn.usingProxy();
      public static void main(String[] args) throws MalformedURLException, IOException
          MyHttpsURLConnection urlConn = new MyHttpsURLConnection(new URL(
                  "https://192.168.10.7/"));
          urlConn.connect();
          InputStream is = urlConn.getInputStream();
          int nread = 0;
          byte[] buf = new byte[8192];
          while ((nread = is.read(buf)) != -1)
              System.out.write(buf, 0, nread);
  }

• Name in certificate `URL' does not match host name `URL'

  Hello,
  We are getting the error
  Name in certificate `URL' does not match host name  `URL'?
  Can someone can provide solution to resolve the above error? Also can you please inform whether Coldfusion 8 supports checking the Subject Alternative Names in the SSL  certificate? If so, kindly tell us how to do it.
  Environment that we use is coldfusion 8 with sql server 2005 (DB). If you have any query please let me know.
  Thanks,
  Satheesh.

  Hi Siva,
  we have faced the same problem on our application. To overcome this we used the below workarround...
  Make the host entry for webservice provider [serviceprovider.test.com] pointing to its IP [172.99.71.12].
  In cfm file
  There's no need to add the proxy and the port in the cfm file.
               <cfhttp method="Post" url="#WEBSERVICE_SERVICE_PROVIDER#" resolveurl="Yes">
                  <cfhttpparam type="Formfield" name="xmlValue" value="#tostring(xml)#">
              </cfhttp>
  The below URL will help you on debugging CFHTTP Request
  http://kb2.adobe.com/cps/998/9987e902.html

• There is a problem with the proxy server's security certificate. The name on the security certificate is invalid or does not match the name of the target site "Mailserver"

  Good day Guys
  First of all I am not an Exchange Expert, and I might be asking a very stupid question, but please bare with me. :) 
  While I was on leave our Mail server fell over and The company got a Specialist to help out for the time being.
  We where\are on Microsoft Exchange 2007 , which Fell over, and the specialist was able to recover as much data as he could.
  They then installed Exchange 2013 and tried to migrate everything from 2007 to 2013 and not everything migrated over.
  But the problem is, Outlook Anywhere was enable on 2007 and worked a 100% (before the disaster)
  With Exchange 2013 I get the following error message when trying to connect With Outlook 2013, using an external connection:
  "There is a problem with the proxy server's security certificate. The name on the security certificate is invalid or does not match the name of the target site "Mailserver"
  Outlook is unable to connect to the Proxy server. (Error Code 0)"
  Has anyone had the Similar when migrating over from 2007 to 2013 or is this an Issue on IIS and nothing to do with Exchange migration?
  Your assistance will be greatly appreciated.

  Hi,
  Firstly, I would suggest we use Exchange 2013 FE as the Outlook Anywhere proxy server.
  For the certificate issue, it mostly occurs because the host name that Outlook are trying to access does not match the certificate SAN. Please check with this point. If they do not match, you
  can change the host name by referring to the following article:
  https://support.microsoft.com/kb/940726/en-us?wa=wsignin1.0
  Thanks,
  Simon Wu
  TechNet Community Support

• Exchange 2013 w/Outlook 2013 "The name of the security certificate is invalid or does not match the name of the site"

  I've completed an upgrade from Exchange 2003 to Exchange 2013 and I have one last SSL message that I can't get rid of.  I've installed a 3rd party cert that is working great for webmail and cell phone access but for some reason the Outlook 2010/2013
  clients get prompted for a security warning.  I just implemented the SSL cert yesterday and I've noticed that new installs of Outlook seem to work just fine.  My Outlook 2013 client doesn't prompt me with the message but I have other users who are
  still getting the "The name of the security certificate is invalid or does not match the name of the site" error.  The domain on the cert error show up as server.mydomain.local.  I've gone through all the virtual directories and pointed
  all of my internal and external URL's to https://mail.mydomain.com.   This made one of the two warnings go away but not the second.  I've dug around on google and gone through everything I could find here and as far as I can tell my internal
  and external url's are configured properly and I can't figure out where this error is originating from.  Any ideas on where I should look outside of the virtual directories? 
  I'm including a good link I found that contains all of the virtual directories I updated.  I've checked them through both CLI and GUI and everything looks good.
  http://www.mustbegeek.com/configure-external-and-internal-url-in-exchange-2013/
  http://jaworskiblog.com/2013/04/13/setting-internal-and-external-urls-in-exchange-2013/

  Hi,
  When the Outlook connect to Exchange 2013/Exchange 2010, the client would connect to Autodiscover service to retrieve Exchange service automatically from server side. This feature is not available in Exchange 2003 Outlook profile.
  Generally, when mailbox is moved to Exchange 2013, the Outlook would connect to server to automatically update these information. It needs time to detect and update the changes in server side. I suggest we can do the following setting For autodiscover service:
  Get-ClientAccessServer | Set-ClientAccessServer –AutodiscoverServiceInternalUri https://mail.mydomain.com/autodiscover/autodiscover.xml
  Please restart IIS service by running IISReset in a Command Prompt window after all configuraions.
  Regards,
  Winnie Liang
  TechNet Community Support

• The name of the security certificate is invalid or does not match the name of the site error?

  I am looking for some help folks. We are in a Outlook 2007/Exchange2010/Windows2008R2 environment.
  When users open Outlook off the network, and occasionally on the network, they get the error
  The name of the security certificate is invalid or does not match the name of the site error
  The CAS hostname is HRECAS.XXX.ORG. The URL that is listed on the SSL certificate (issued by VeriSign) is WEB.XXX.ORG. WEB.XXX.ORG is what users use to get to OWA and such.
  When I use testexchangeconnectivity.com, under certificate name validation I see an error that reads:
  Host name autodiscover.xxx.org doesn't match any name found on the server certificate CN=web.xxx.org.
  Does this mean somehow we have to add autodiscover.xxx.org on the certificate?
  I tried to add AutoDiscoverExternalUri using
  http://support.microsoft.com/?kbid=940726 &
  http://social.technet.microsoft.com/Forums/en-US/exchange2010/thread/2d0c0f5f-e4ec-4f33-a37d-b94fd7a2319f on the CAS server.
  Set-ClientAccessServer -identity HRECAS -AutodiscoverServiceExternalUri
   https://autodiscover.xxx.org/Autodiscover/Autodiscover.xml 
  I get an error that says
  "a positional parameter cannot be found that accepts argument '-AutoDiscoverExternalUri'.
  Can someone point to me what I am doing wrong with the command and whether I should be concerning myself with adding that line? By the way the
  InternalUrl information is already configured on the system. Also should I edit the certificate to add autodiscover.xxx.org?
  Thank in advance for your support.
  TD
  TD

  Hi Tapera,
  Thanks for the question.
  SRV record is a good idea. You can set the SRV to
  https://web.abc.com/autodiscover/autodiscover.xml but you must make sure the
  url can be resolved from External clients.
  In addition, there is still a issue. It is hard coded that Outlook will find the autodiscover by the orders below:
  1. Access autodiscover via SCP in AD.
  https://web.abc.com/autodiscover/autodiscover.xml
  2. If SCP access fails, it will try:
  https://abc.com/autodiscover/autodiscover.xml
  3. Then
  https://autodiscover.abc.com/autodiscover/autodiscover.xml
  4. Local XML file
  5. SRV record
  As you can see, Outlook will try SRV record at last. Therefore, it will still try to access
  https://autodiscover.abc.com/autodiscover/autodiscover.xml each time you run Outlook. Then the certificate warning will still persists.
  I have a workaround solution. You can do a local policy to disable the autodiscover to access the
  https://autodiscover.abc.ocom/autodiscover/autodiscover.xml by:
  1.   
  On the Outlook client machine, open regedit and add the following key:
  HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Outlook\Autodiscover
           "ExcludeHttpsAutodiscoverDomain"
           "ExcludeHttpsRootDomain"
  2.   
  Then set the value to “1” on the above two keys.
  Thanks,
  Simon  

• Exchange 2010 - The name on the security certificate is invalid or does not match the name of the site

  Scenario - Two Domains in different forests in production
  Domain ABC.com - Contains Exchange Server 2010 + Windows 2008 R2 AD Domain controllers
  Domain XYZ.com - Windows 2008 R2 Domain controllers + Contains all users + Desktop compuer accounts.
  User logs in to the domain XYZ.com from a desktop and he configures outlook using the user ID in  domain ABC.com.
  When he opens Outlook it is getting connected and he gets an error message pop -up saying 'The name on the security 
  certificate is invalid or does not match the name of the site'
  I am using an external certificate from Thawte for autodiscover.ABC.com & webmail.ABC.com
  I read about one solution provided in MS KB article - http://support.microsoft.com/kb/2772058 
  But in my scenarion there are two domain involved. Pls guide how to clear this.
   

  Hi,
  How about logon [email protected] on ABC domain via OWA?
  If OWA works well, it seems and issue on the Autodiscover side.
  Please run "Test E-mail AutoConfiguration" on Outlook to check whether this issue caused by Certificate Mismatch.
  1.
  Firstly make sure how many host name in your certificate the certificate. Run “Get-ExchangeCertificate | select certificatedomain”.
  2.
  Secondly, check the web services URLs which Outlook are trying to connect to. Run “Test Email AutoConfiguration”.
  3.
  In this scenario, you need to check the host name for the following services:
  Autodiscover, EWS, OAB, ECP, UM
  4.
  If any of the urls above does not match the one in the certificate, refer to the following article to change it via EMS:
  http://support.microsoft.com/kb/940726 
  More details to see following FAQ on "Checklist for Exchange Certificate issues":
  http://social.technet.microsoft.com/Forums/en-US/fa78799b-5c55-4c71-973b-0e186612ff6f/checklist-for-exchange-certificate-issues?forum=exchangesvrgeneral
  Thanks
  Mavis Huang
  TechNet Community Support

• Exchange 2013/2007 coexistence: The Name on the Security Certificate is Invalid or Does Not Match the Name of the Site.

  In the midst of Exchange 2013/2007 coexistence configuration. 
  Currently:
  Exchange 2007:
  2 CAS\HUB
  1 Mailbox server
  Exchange 2013 (2 sites):
  LA:
  1 CAS
  2 MBX servers
  MKE:
  1 CAS 
  2 MBX servers.
  We purchased a certificate from Digicert and added every SAN name we could think of including "legacy.companyname.com", just to be sure. Added certificate to Exchange 2013 CAS servers and 2007 CAS\HUB boxes. Configured virtual directories on Exchange
  2013 MKE-CAS01 but not on Exchange 2013 LA-CAS01. Configured virtual directories to on Exchange 2007 CAS\HUB to point to "legacy.companyname.com". 
  Mailboxes have not been moved yet. I just wanted to get the coexistence between Exchange 2013/2007 up first but some users (not all) receiving
  "The name of the security certificate is invalid or does not match the name of the site" for
  "LEGACY.COMPANYNAME.COM". I remember configuring the AUTODISCOVER virtual directory for Exchange 2007. Any ideas? Thank you.

  Hi,
  Please make sure that the certificate with "legacy.companyname.com" name is enabled for IIS service. We can check it by running the following command in Exchange server 2007:
  Get-ExchangeCertificate | FL
  Thanks,
  Winnie Liang
  TechNet Community Support

• Outlook: The name of the security certificate is invalid or does not match the name of the site

  Hey guys,
  We have setup autodiscover redirection properly (I guessed) by:
  Creating a CNAME from
  AliasName: autodiscover.tenant-domain.com TO
  PrimaryName: autodiscoverredirection.hostname.com.
  Then doing a re-direction to https autodiscover service.
  All seems to be working properly, however, when I open Outlook, it still shows the pop out saying "autodiscover.tenant-domain.com - The name of the security certificate is invalid or does not match the name of the site".
  The autodiscover redirection is indeed working properly, that's why the autodiscover is working, however it is still trying to match autodiscover.tenant-domain.com to the certitifcate instead of matching the re-directed url, which is autodiscover.hostname.com.
  Could anyone advise what is wrong? Or anyone who knows how to correct it can contact me? :)
  Jackson Yap APC Hosting http://www.apc.sg/

  Hi Jason, Well, if it is doing that, it is most likely beccause your autodiscoverredirection.hostname.com also respond to port 443/SSL. So, what you need to do is to make sure that specific IP isn't responding to 443. The reason is this, 1. You first hit
  https://autodiscover.tenant-domain.com, which this is a CNAME to autodiscoverredirection.hostname.com. So, if autodiscoverredirection.hostname.com respond to 443, it will then give you an error. If it doesn, it will then move on to perform redirection right
  away and you will not get that prompt.Regards, Kip Ng - http://blogs.technet.com/b/provtest/

• False message: The document name you requested (/selector_test.html) could not be found on this server. However, we found documents with names similar to the one you requested.

  When I specify http://www.celticmanner.com/selector_test.html to Firefox 6.01, I get the false message:
  Multiple Choices
  The document name you requested (/selector_test.html) could not be found on this server. However, we found documents with names similar to the one you requested.
  Available documents:
  /selector_test.txt (common basename)
  The file http://www.celticmanner.com/selector_test.html IS PRESENT on the host.
  The file http://www.celticmanner.com/selector_test.txt IS NOT. (It had been earlier.)
  I do not find the text "selector_test.txt" anywhere on my partition C! Where does Firefox retain a pointer to this file that no longer exists? And why?
  NB: The text "could not be found on this server" is sloppy. That message is not issued from a servcer, but from the instance of Firefox on my computer. The message should read "could not be found on the specified server".
  B. Somers

  I have the same problem and it does not have to do with firefox. Do you have any idea how to fix it through?

• Outlook Security Alert - "the name on the security certificate is invalid or does not match the name of the site"

  Due to our company changing names, we recently moved to a new domain. All users were at first getting a certificate error when opening Outlook "the name on the security certificate is invalid or does not match the name of the site." After our network
  admin made some changes, nobody receives this error anymore except one user. The URL at the top of the security alert is the old domain, mail.olddomain.com. I checked the users Exchange Proxy Settings in Outlook, everything is showing the URL's of the new
  domain so I'm not sure where this is coming from. I'm assuming it has to be something on her local machine since she is the only one who still gets the error.
  Thanks in advance for any help.
  Exchange server 2008
  Outlook 2010

  Hi,
  Please follow all above suggestions to confirm whether the issue happens in OWA. And run Test E-mail AutoConfiguration in Outlook to check whether there is any URL settings using the old domain.
  If the issue doesn’t happen in OWA and your URL configurations are all same as others and set correctly, please create a new Outlook profile to have a try.
  Thanks,
  Winnie Liang
  TechNet Community Support

• Exchange 2013 - The name of the security certificate is invalid or does not match the name of the site

  Hi,
  I know this question has been asked a ton of times, but I haven't found any instance of this question asked for exchange 2013.  Yes, I've seen Exchange 2010, Exchange 2007, but not Exchange 2013.  The symptoms are all similar.  Here is a description:
  1 Exchange 2013 server, all roles installed.
  External domain name:  associates.com
  Internal AD domain name:  associates.local
  Client installed a third party SSL certificate, but did not purchase a SAN or UC certificate, so there is one namespace on the SSL cert, and that represents the external OWA name:  mail.associates.com
  Now, when internal OUtlook 2010 clients start, they get the "The name of the security certificate is invalid or does not match the name of the site."
  I'm just wondering if http://support.microsoft.com/kb/940726 still applies to Exchange 2013 to fix this issue.  Does this article apply to Exchange 2013?  If so, I will follow the above
  article.  If not, please direct me to any articles for Exchange 2013 that addresses this.
  the autodiscoverserviceuri points to: 
  https://netbiosnameofmailserver.associates.local/Autodiscover/Autodiscover.xml
  Thanks!
  A

  Yes, the http://support.microsoft.com/kb/940726 still applies to Exchange2013.
  As per my understanding on this post;
  - Poster's Exchange2013 has no SAN certificate.. (usually used for local address like; NETBIOS.Domain.lan).  Be reminded that SSL providers will no longer accepts .LAN or .LOCAL in very near future.
  - By default it uses local url for EWS, Autodiscover, etc.. (if you don't have SAN certificate installed in your CAS server, you would see the certi warning)
  Anyway, I just want to share my case after applying the said work around long time ago (maybe some of you might encounter it as well): my Outlook still showed the certificate warning (I was just keep clicking the YES button).. I was wondering
  that time what was wrong with my virtual directory settings.. until I decided to click "NO" for an answer to that certificate warning message, then voila! it didn't bug me anymore.  Oh by the way, the certificate warning usually give you a hint
  what triggers it like; "autodiscover.Domain.lan" on the first line of message, but in my case it just "NETBIOS.Domain.lan" (didn't make any sense, did it?).. Well, unfortunately I didn't have the chance to figure out what triggered that event.. 

• HTTPS - certificate does not match the name of the site

  Hi all.
  We created an http destination to an external server in sm59. We are going to use SSL, certificate has been imported in strust.
  Our https settings are correct (we already use https in antother scenario), but there seams to be something wrong with the certificate of the http destination.
  When I use the windows-console on our XI server and try to open the URL of the http destination with Internet Explorer, Windows tells me that "The name on the security certificate ... does not match the name of the site".
  Is there a way to tell the server to ignore this security warning or is it necessary to create a new (correct) certificate?
  Any help is appreciated.
  Best regards,
  Philipp

  Philipp,
  Don't know much about this topic, but my guess would be that will have to create a new certificate with the appropriate credentials.

• Could not resolve service name when installing Mobile Server

  Hi,
  when installing mobile server I am prompted for the SYSTEM pwd and then get "ORA-12154: Could not resolve service name". I install lite in a different home (LITE_HOME) than the database. Database's TNSNAMES.ORA looks like (I added the webtogo.world entry myself)
  ===================== TNSNAMES.ORA =================
  WEBTOGO.WORLD =
       (DESCRIPTION =
  (ADDRESS_LIST =
  (ADDRESS =
  (PROTOCOL = TCP)
  (Host = localhost)
  (Port = 1521)
  (CONNECT_DATA = (lite.oracle)))
  LITE.PL.ORACLE.COM =
  (DESCRIPTION =
  (ADDRESS_LIST =
  (ADDRESS = (PROTOCOL = TCP)(HOST = localhost)(PORT = 1521))
  (CONNECT_DATA =
  (SERVER = DEDICATED)
  (SERVICE_NAME = lite.oracle)
  =======================================
  Then installing lite I enter localhost/1521/lite.oracle
  I can connect from sqlplus:
  sqlplus system/manager@lite
  Java version is 1.3.1_08, which I think is correct.
  Does anyone have any ideas? Thanks in advance.
  Best regards,
  Pawel

  Hi,
  When you install Oracle Lite the valid TNSNAMES.ora becomes the one that is coming with Oracle Lite.
  From now on when you must create a tns name you must create it in the Oracle Lite's tnsnames.ora file unless you specify which tnsnames file you will use in the registry.
  You can find tnsnams.ora file in the below path:
  <OracleLite_HOME>\network\admin\
  Regards,
  Bogac OZGEN

• The name on the security certificate is invalid or does not match the name of the site

  Hi Guys,
  Every time when we login to SAP Business One, we are getting two identical security Alerts, that we needs to click "Yes" twice.
  Text of error: “The name on the security certificate is invalid or does not match the name of the site”
  We tried to install certificate, but it is not solved this certificate issue and the alert still pops up on login.
  I guess, something wrong with dashboard settings, but don't really know what exact and how to fix it.
  Thanks,
  Sergey

  Hi,
  Please check SAP note:
  1810486 - Dashboard Certificate Sercurity Alert appears on every
  logon to Business One
  Thanks & Regards,
  Nagarajan