Error: Subject alternative name did not match site name (JavaME)

When I try and connect to my RESTFul Web Service using SSL I get this exception:
"Subject alternative name did not match site name".
I did Google searches and as far as I can tell my 'Subject' matches my 'site name'. I know this because when I connect using my Browser (IE or Firefox) they say our SSL certificate is a-ok (no mismatches). Also, my Windows Mobile 5/6 REST application works fine under SSL. So, I am doubting it's a server side setting?
Godaddy's root certificate is installed on the Java Emulator. If I disable the root cert I get a different error.
I am using the QwertyDevice Emulator with 'identified_third_party' security. Wireless Toolkit 2.5.2 and NetBeans Mobility 6.0.1.
My Web Server is IIS 6.0 that is hosting a WCF .NET 3.5 WebService using the webHttp binding (for those who don't know, that makes it a RESTFul Web Service).
IIS 6.0 Settings:
-Web Service is under Default Web Site and in Default Application Pool.
-'Require secure channel (SSL)' is selected as well as 'Require 128-bit encryption'.
Here is my client Code:
InputStream is = null;
HttpConnection conn = null;
try {
    conn = (HttpConnection) Connector.open("https://ourwebserver.ourdomain.com/RESTServer/Service.svc/REST/getmyopentasks/", Connector.READ_WRITE);
    // HTTP Basic credentials; BasicAuth.encode is the helper mentioned below
    conn.setRequestProperty("Authorization", "Basic " +
            BasicAuth.encode(userName, password));
    conn.setRequestMethod(HttpConnection.GET.toString());
    conn.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
    // The exception is thrown on this call
    is = conn.openInputStream();
} catch (IOException ex) {
    ex.printStackTrace();
}
A few notes: We are using Basic HTTP Authentication, and the "BasicAuth.encode" method is a helper method that I found code for out on the Internet. It works fine though.
When I run the above code with SSL turned off on the server, it works fine (authenticating and getting RESTFul XML back). I did try HttpsConnection as well. Did not work. Same SSL error.
When this line is executed: "is = conn.openInputStream();" I get this exception: "Subject alternative name did not match site name". I have searched this forum and Google and can't figure this one out! Thanks!

Similar Messages

  • How do I allow access to internal website which cert name does not match site name?

    We have many internal sites for which the certificate name does not match our site name. Is there a way to override the exception manually so we can access the site?

    Change prefix from https:// to http://

  • SSLException: Name in certificate "host1" does not match host name "host2"

    Hi all,
    I am using a hosted WebDAV/Subversion service to store my files. The provider has connected my domain name to the service, so now I can access the service through my domain name :-)
    However, the provider cannot assign a static dedicated IP for the server which provides my content, hence he cannot set an SSL certificate for my domain name. Any time I access the service I am getting an SSL warning telling me that the domain name does not match that on the certificate... So far had no problem with that. The Web browser, the Windows Explorer, and the Subversion client allow me to accept the connection.
    Now I need to set up some automatic build software (Maven) and it appears that the JRE has a problem with these name mismatches -- it just throws an exception and does not allow me to accept the connection :-( In order to ensure that this is a JRE problem, I have tried to connect to the service with a Java-based WebDAV client (DAVExplorer) -- same thing -- here is the message thrown by DAVExplorer:
    javax.net.ssl.SSLException: Name in certificate "his.domain.name" does not match host name "my.domain.name"
    Is there some configuration file, system property or switch that I can use to make the JRE ignore the domain name mismatch thing?
    Please help,
    Adrian.

    Here is a quick example I put together. Most of the code was autogenerated by Eclipse "Generate Delegate Methods" on the urlConn field of the class. This is just an example; I haven't given it much thought; it probably opens up other security holes and I take no responsibility for it.
    In my example, I have an SSL server with the name "dawntreader" in the certificate, but my URL is https://192.168.10.7/ which triggers the name mismatch. I have not actually tested it with maven, but looking at these docs (http://maven.apache.org/guides/mini/guide-repository-ssl.html) I think that you should be able to add the following to the MAVEN_OPTS environment variable: -Djava.protocol.handler.pkgs=MyHttpsUrlConnection and make sure the MyHttpsUrlConnection.class file is on the classpath
    import java.io.IOException;
    import java.io.InputStream;
    import java.io.OutputStream;
    import java.net.MalformedURLException;
    import java.net.ProtocolException;
    import java.net.URL;
    import java.security.Permission;
    import java.security.Principal;
    import java.security.cert.Certificate;
    import java.util.List;
    import java.util.Map;
    import javax.net.ssl.HostnameVerifier;
    import javax.net.ssl.HttpsURLConnection;
    import javax.net.ssl.SSLPeerUnverifiedException;
    import javax.net.ssl.SSLSession;
    import javax.net.ssl.SSLSocketFactory;
    import javax.security.auth.x500.X500Principal;
    public class MyHttpsURLConnection extends HttpsURLConnection {
        // Replaces the default host name check: the session is accepted when
        // the certificate subject CN equals one pinned name.
        static class MyHostnameVerifier implements HostnameVerifier {
            private static final String EXPECTED_HOSTNAME = "dawntreader";

            private String getCN(String DN) {
                String[] dnComponents = DN.split(",");
                // Find one that starts with CN=
                // (the CANONICAL form of the DN is lower case, hence "cn=")
                for (String component : dnComponents) {
                    if (component.startsWith("cn=")) {
                        return component.substring(3);
                    }
                }
                return "";
            }

            @Override
            public boolean verify(String hostname, SSLSession session) {
                try {
                    X500Principal peerPrincipal = (X500Principal) session.getPeerPrincipal();
                    String DN = peerPrincipal.getName("CANONICAL");
                    // now parse the CN out of the effing DN
                    // We should also get the subject alternative names
                    // from the peer certificate
                    String CN = getCN(DN);
                    return CN.equals(EXPECTED_HOSTNAME);
                } catch (SSLPeerUnverifiedException e) {
                    return false;
                }
            }
        }

        // Real connection; every method below delegates to it
        private final HttpsURLConnection urlConn;

        public MyHttpsURLConnection(URL url) throws IOException {
            super(url);
            urlConn = (HttpsURLConnection) url.openConnection();
            urlConn.setHostnameVerifier(new MyHostnameVerifier());
        }
        public void addRequestProperty(String key, String value) {
            this.urlConn.addRequestProperty(key, value);
        }
        public void connect() throws IOException {
            this.urlConn.connect();
        }
        public void disconnect() {
            this.urlConn.disconnect();
        }
        public boolean equals(Object obj) {
            return this.urlConn.equals(obj);
        }
        public boolean getAllowUserInteraction() {
            return this.urlConn.getAllowUserInteraction();
        }
        public String getCipherSuite() {
            return this.urlConn.getCipherSuite();
        }
        public int getConnectTimeout() {
            return this.urlConn.getConnectTimeout();
        }
        public Object getContent() throws IOException {
            return this.urlConn.getContent();
        }
        public Object getContent(Class[] classes) throws IOException {
            return this.urlConn.getContent(classes);
        }
        public String getContentEncoding() {
            return this.urlConn.getContentEncoding();
        }
        public int getContentLength() {
            return this.urlConn.getContentLength();
        }
        public String getContentType() {
            return this.urlConn.getContentType();
        }
        public long getDate() {
            return this.urlConn.getDate();
        }
        public boolean getDefaultUseCaches() {
            return this.urlConn.getDefaultUseCaches();
        }
        public boolean getDoInput() {
            return this.urlConn.getDoInput();
        }
        public boolean getDoOutput() {
            return this.urlConn.getDoOutput();
        }
        public InputStream getErrorStream() {
            return this.urlConn.getErrorStream();
        }
        public long getExpiration() {
            return this.urlConn.getExpiration();
        }
        public String getHeaderField(int n) {
            return this.urlConn.getHeaderField(n);
        }
        public String getHeaderField(String name) {
            return this.urlConn.getHeaderField(name);
        }
        public long getHeaderFieldDate(String name, long Default) {
            return this.urlConn.getHeaderFieldDate(name, Default);
        }
        public int getHeaderFieldInt(String name, int Default) {
            return this.urlConn.getHeaderFieldInt(name, Default);
        }
        public String getHeaderFieldKey(int n) {
            return this.urlConn.getHeaderFieldKey(n);
        }
        public Map<String, List<String>> getHeaderFields() {
            return this.urlConn.getHeaderFields();
        }
        public HostnameVerifier getHostnameVerifier() {
            return this.urlConn.getHostnameVerifier();
        }
        public long getIfModifiedSince() {
            return this.urlConn.getIfModifiedSince();
        }
        public InputStream getInputStream() throws IOException {
            return this.urlConn.getInputStream();
        }
        public boolean getInstanceFollowRedirects() {
            return this.urlConn.getInstanceFollowRedirects();
        }
        public long getLastModified() {
            return this.urlConn.getLastModified();
        }
        public Certificate[] getLocalCertificates() {
            return this.urlConn.getLocalCertificates();
        }
        public Principal getLocalPrincipal() {
            return this.urlConn.getLocalPrincipal();
        }
        public OutputStream getOutputStream() throws IOException {
            return this.urlConn.getOutputStream();
        }
        public Principal getPeerPrincipal() throws SSLPeerUnverifiedException {
            return this.urlConn.getPeerPrincipal();
        }
        public Permission getPermission() throws IOException {
            return this.urlConn.getPermission();
        }
        public int getReadTimeout() {
            return this.urlConn.getReadTimeout();
        }
        public String getRequestMethod() {
            return this.urlConn.getRequestMethod();
        }
        public Map<String, List<String>> getRequestProperties() {
            return this.urlConn.getRequestProperties();
        }
        public String getRequestProperty(String key) {
            return this.urlConn.getRequestProperty(key);
        }
        public int getResponseCode() throws IOException {
            return this.urlConn.getResponseCode();
        }
        public String getResponseMessage() throws IOException {
            return this.urlConn.getResponseMessage();
        }
        public Certificate[] getServerCertificates() throws SSLPeerUnverifiedException {
            return this.urlConn.getServerCertificates();
        }
        public SSLSocketFactory getSSLSocketFactory() {
            return this.urlConn.getSSLSocketFactory();
        }
        public URL getURL() {
            return this.urlConn.getURL();
        }
        public boolean getUseCaches() {
            return this.urlConn.getUseCaches();
        }
        public int hashCode() {
            return this.urlConn.hashCode();
        }
        public void setAllowUserInteraction(boolean allowuserinteraction) {
            this.urlConn.setAllowUserInteraction(allowuserinteraction);
        }
        public void setChunkedStreamingMode(int chunklen) {
            this.urlConn.setChunkedStreamingMode(chunklen);
        }
        public void setConnectTimeout(int timeout) {
            this.urlConn.setConnectTimeout(timeout);
        }
        public void setDefaultUseCaches(boolean defaultusecaches) {
            this.urlConn.setDefaultUseCaches(defaultusecaches);
        }
        public void setDoInput(boolean doinput) {
            this.urlConn.setDoInput(doinput);
        }
        public void setDoOutput(boolean dooutput) {
            this.urlConn.setDoOutput(dooutput);
        }
        public void setFixedLengthStreamingMode(int contentLength) {
            this.urlConn.setFixedLengthStreamingMode(contentLength);
        }
        public void setHostnameVerifier(HostnameVerifier v) {
            this.urlConn.setHostnameVerifier(v);
        }
        public void setIfModifiedSince(long ifmodifiedsince) {
            this.urlConn.setIfModifiedSince(ifmodifiedsince);
        }
        public void setInstanceFollowRedirects(boolean followRedirects) {
            this.urlConn.setInstanceFollowRedirects(followRedirects);
        }
        public void setReadTimeout(int timeout) {
            this.urlConn.setReadTimeout(timeout);
        }
        public void setRequestMethod(String method) throws ProtocolException {
            this.urlConn.setRequestMethod(method);
        }
        public void setRequestProperty(String key, String value) {
            this.urlConn.setRequestProperty(key, value);
        }
        public void setSSLSocketFactory(SSLSocketFactory sf) {
            this.urlConn.setSSLSocketFactory(sf);
        }
        public void setUseCaches(boolean usecaches) {
            this.urlConn.setUseCaches(usecaches);
        }
        public String toString() {
            return this.urlConn.toString();
        }
        public boolean usingProxy() {
            return this.urlConn.usingProxy();
        }

        public static void main(String[] args) throws MalformedURLException, IOException {
            MyHttpsURLConnection urlConn = new MyHttpsURLConnection(new URL(
                    "https://192.168.10.7/"));
            urlConn.connect();
            InputStream is = urlConn.getInputStream();
            int nread = 0;
            byte[] buf = new byte[8192];
            // Copy the response body to standard output
            while ((nread = is.read(buf)) != -1) {
                System.out.write(buf, 0, nread);
            }
        }
    }
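
The following is an added example, not part of the original thread: a HostnameVerifier that reads the subject alternative names of the peer certificate, which the comment in the reply above leaves open, and that accepts a pinned certificate name only for an explicitly listed URL host. The class name PinnedNameVerifier and the host-to-name map are assumptions made for illustration; the address and certificate name in main are the ones given in the post.

```java
import java.net.URL;
import java.security.cert.Certificate;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;

// Hypothetical class (not from the thread). HttpsURLConnection consults a
// HostnameVerifier only after its built-in name check has failed, so this
// code decides which mismatches are tolerated; certificate chain validation
// by the trust manager is unchanged.
public class PinnedNameVerifier implements HostnameVerifier {
    // GeneralName type tags returned by X509Certificate.getSubjectAlternativeNames()
    private static final int SAN_DNS_NAME = 2;
    private static final int SAN_IP_ADDRESS = 7;

    // URL host (lower case) -> the single certificate name accepted for it
    private final Map<String, String> expectedNameByHost;

    public PinnedNameVerifier(Map<String, String> expectedNameByHost) {
        this.expectedNameByHost = expectedNameByHost;
    }

    // Names the certificate asserts: dNSName and iPAddress SAN entries, or
    // the subject CN when the certificate carries no such SAN entry.
    static List<String> assertedNames(X509Certificate cert)
            throws CertificateParsingException, InvalidNameException {
        List<String> names = new ArrayList<>();
        Collection<List<?>> sans = cert.getSubjectAlternativeNames();
        if (sans != null) {
            for (List<?> san : sans) {
                int type = (Integer) san.get(0);
                if (type == SAN_DNS_NAME || type == SAN_IP_ADDRESS) {
                    names.add(san.get(1).toString().toLowerCase(Locale.ROOT));
                }
            }
        }
        if (names.isEmpty()) {
            // LdapName copes with escaped commas that split(",") would break on
            LdapName dn = new LdapName(cert.getSubjectX500Principal().getName());
            for (Rdn rdn : dn.getRdns()) {
                if ("CN".equalsIgnoreCase(rdn.getType())) {
                    names.add(rdn.getValue().toString().toLowerCase(Locale.ROOT));
                }
            }
        }
        return names;
    }

    @Override
    public boolean verify(String hostname, SSLSession session) {
        String expected = expectedNameByHost.get(hostname.toLowerCase(Locale.ROOT));
        if (expected == null) {
            return false; // host not listed: keep the default rejection
        }
        try {
            Certificate[] chain = session.getPeerCertificates();
            if (chain.length == 0 || !(chain[0] instanceof X509Certificate)) {
                return false;
            }
            // Exact, case-insensitive comparison; wildcard names are not expanded
            return assertedNames((X509Certificate) chain[0])
                    .contains(expected.toLowerCase(Locale.ROOT));
        } catch (SSLPeerUnverifiedException | CertificateParsingException
                | InvalidNameException e) {
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        // Address and certificate name as given in the post above
        URL url = new URL("https://192.168.10.7/");
        HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
        conn.setHostnameVerifier(
                new PinnedNameVerifier(Map.of("192.168.10.7", "dawntreader")));
        System.out.println("HTTP status: " + conn.getResponseCode());
    }
}
```

Unlike a verifier that ignores its hostname argument, this one rejects the pinned certificate when it is presented for any URL host that is not in the map.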

  • The name of the security certificate is invalid or does not match the name of the site error?

    I am looking for some help folks. We are in a Outlook 2007/Exchange2010/Windows2008R2 environment.
    When users open Outlook off the network, and occasionally on the network, they get the error
    The name of the security certificate is invalid or does not match the name of the site error
    The CAS hostname is HRECAS.XXX.ORG. The URL that is listed on the SSL certificate (issued by VeriSign) is WEB.XXX.ORG. WEB.XXX.ORG is what users use to get to OWA and such.
    When I use testexchangeconnectivity.com, under certificate name validation I see an error that reads:
    Host name autodiscover.xxx.org doesn't match any name found on the server certificate CN=web.xxx.org.
    Does this mean somehow we have to add autodiscover.xxx.org on the certificate?
    I tried to add AutoDiscoverExternalUri using http://support.microsoft.com/?kbid=940726 & http://social.technet.microsoft.com/Forums/en-US/exchange2010/thread/2d0c0f5f-e4ec-4f33-a37d-b94fd7a2319f on the CAS server.
    Set-ClientAccessServer -identity HRECAS -AutodiscoverServiceExternalUri https://autodiscover.xxx.org/Autodiscover/Autodiscover.xml
    I get an error that says
    "a positional parameter cannot be found that accepts argument '-AutoDiscoverExternalUri'".
    Can someone point out to me what I am doing wrong with the command and whether I should be concerning myself with adding that line? By the way the InternalUrl information is already configured on the system. Also should I edit the certificate to add autodiscover.xxx.org?
    Thanks in advance for your support.
    TD

    Hi Tapera,
    Thanks for the question.
    SRV record is a good idea. You can set the SRV to https://web.abc.com/autodiscover/autodiscover.xml but you must make sure the URL can be resolved from external clients.
    In addition, there is still an issue. It is hard coded that Outlook will find the autodiscover in the order below:
    1. Access autodiscover via SCP in AD: https://web.abc.com/autodiscover/autodiscover.xml
    2. If SCP access fails, it will try: https://abc.com/autodiscover/autodiscover.xml
    3. Then https://autodiscover.abc.com/autodiscover/autodiscover.xml
    4. Local XML file
    5. SRV record
    As you can see, Outlook will try the SRV record last. Therefore, it will still try to access https://autodiscover.abc.com/autodiscover/autodiscover.xml each time you run Outlook. Then the certificate warning will still persist.
    I have a workaround solution. You can set a local policy to stop autodiscover from accessing https://autodiscover.abc.com/autodiscover/autodiscover.xml by:
    1. On the Outlook client machine, open regedit and add the following key:
    HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Outlook\Autodiscover
             "ExcludeHttpsAutodiscoverDomain"
             "ExcludeHttpsRootDomain"
    2. Then set the value to “1” on the above two keys.
    Thanks,
    Simon  

  • The name on the security certificate is invalid or does not match the name of the site exchange 2010

    We did an update to SP1 to SP3 for Exchange 2010 over the weekend and now I am seeing the following errors.
    "The name on the security certificate is invalid or does not match the name of the site"
    Any ideas why an update would affect this? I have looked at the names and everything seems to match up.

    Hi,
    Does the issue happen to all users? If it is, please run the following command to check your certificate configuration:
    Get-ExchangeCertificate | fl
    Generally, the certificate mismatch issue is caused by the name in URLs not matching the certificate names with IIS service. Please make sure all URLs that are used to connect to Exchange from internal and external match the certificate names with proper services.
    http://support.microsoft.com/kb/940726
    Best Regards,
    Winnie Liang
    TechNet Community Support

  • The name on the security certificate is invalid or does not match the name of the site

    Hi Guys,
    Every time we log in to SAP Business One, we get two identical security alerts, so that we need to click "Yes" twice.
    Text of error: “The name on the security certificate is invalid or does not match the name of the site”
    We tried to install the certificate, but it did not solve this certificate issue and the alert still pops up on login.
    I guess something is wrong with the dashboard settings, but I don't really know what exactly and how to fix it.
    Thanks,
    Sergey

    Hi,
    Please check SAP note:
    1810486 - Dashboard Certificate Security Alert appears on every logon to Business One
    Thanks & Regards,
    Nagarajan

  • Crystal Report 2008 results "Password did not match error" in SQL Server Log

    Hi,
    I am trying to develop some crystal reports using Crystal Report 2008 SP4 to connect to SQL server 2008 through RDO (ODBC). My problem is that anytime Crystal Report is trying to establish a connection with SQL Server, first it tries to connect with the wrong password and results the following error message in SQL Server log:
    Login failed for user 'peyman'. Reason: Password did not match that for the login provided. [CLIENT: 192.168.2.198]
    The login name 'peyman' is the right one as I have quoted the same in setting up ODBC System DSN using "SQL Server Native Client 10". But somehow Crystal Report is taking its chance and trying to connect before prompting me for the password. After this error logged to SQL server side, I can see Crystal Report pops up the prompt to enter DSN password. After supplying password to this prompt, Crystal Report works fine and pulls the data and renders the report without having any more incorrect password error logged to SQL Server.
    The attached file shows the step I am taking to regenerate the issue. I need this to be fixed as anytime uses any of these reports and tries to render it with crystal runtime engine the same error message raises in SQL Server side and logged in the log file.
    Thanks,

    Hi Peyman,
    This is the way it should work, In CR designer when you open the report it does nothing. As soon as you hit the Refresh button then CR tries to use the connection saved with the report. It assumes what is saved with the report is a valid server and connection info. CR simply tries to verify the server is still active.
    If you don't want it to fail in CRD then before opening any report Click the File, Log on Database option and connect. Now when refreshing reports it won't log the failed.
    In the SDK it does the same thing, it assumes the Server info is the same and does try to connect to verify the Server does exist. It only takes a few milli-seconds to do this
    To stop this from happening set the log on info first then it won't log the attempt to connect, it's checking to see if Trusted is allowed.
    TIMESTAMP    THREAD_ID    FILENAME    LINE_NUMBER    LOGGED_DATA    LEVEL
    2014-6-2 8:30:11.439    57320    .\QESession.cpp    444    Set Product View Locale: 4105    20
    2014-6-2 8:30:11.439    57320    .\QESession.cpp    478    Set Preferred View Locale: 4105    20
    2014-6-2 8:30:11.439    57320    .\QESession.cpp    500    Set Process Locale: 4105    20
    2014-6-2 8:30:11.440    57320    .\qecommon.cpp    117    This property is currently in a read-only state and cannot be modified. File Name: ".\QEProperty.cpp". Line: 217    1
    2014-6-2 8:30:11.967    57208    .\QESession.cpp    444    Set Product View Locale: 4105    20
    2014-6-2 8:30:11.967    57208    .\QESession.cpp    478    Set Preferred View Locale: 4105    20
    2014-6-2 8:30:11.967    57208    .\QESession.cpp    500    Set Process Locale: 4105    20
    2014-6-2 8:30:11.968    57208    .\qecommon.cpp    117    This property is currently in a read-only state and cannot be modified. File Name: ".\QEProperty.cpp". Line: 217    1
    2014-6-2 8:30:11.999    57208    .\QESession.cpp    444    Set Product View Locale: 1033    20
    2014-6-2 8:30:12.4    57320    .\qecommon.cpp    117    This value is write-only. File Name: ".\QEProperty.cpp". Line: 145    1
    2014-6-2 8:30:56.278    57208    .\odbcapi.cpp    301    Beginning COdbcapi::DriverConnect    20
    2014-6-2 8:30:56.342    57208    .\odbcapi.cpp    335    Ending COdbcapi::DriverConnect    20
    2014-6-2 8:30:56.342    57208    .\connect.cpp    2170    SQLDriverConnect succeeded: DSN = 192.168.13.172, User ID = sa, Password = ********    10
    2014-6-2 8:30:56.348    57208    .\qecommon.cpp    117     File Name: ".\QEQueryInfo.cpp". Line: 826    1
    2014-6-2 8:30:56.348    57208    .\qecommon.cpp    117     File Name: ".\QEQueryInfo.cpp". Line: 854    1
    2014-6-2 8:30:56.348    57208    .\qecommon.cpp    117     File Name: ".\QEQueryInfo.cpp". Line: 826    1
    2014-6-2 8:30:56.348    57208    .\qecommon.cpp    117     File Name: ".\QEQueryInfo.cpp". Line: 826    1
    2014-6-2 8:30:56.348    57208    .\qecommon.cpp    117     File Name: ".\QEQueryInfo.cpp". Line: 854    1
    2014-6-2 8:30:56.348    57208    .\qecommon.cpp    117     File Name: ".\QEQueryInfo.cpp". Line: 826    1
    2014-6-2 8:30:56.348    57208    .\qecommon.cpp    117     File Name: ".\QEQueryInfo.cpp". Line: 854    1
    2014-6-2 8:30:56.348    57208    .\qecommon.cpp    117     File Name: ".\QEQueryInfo.cpp". Line: 916    1
    2014-6-2 8:30:56.348    57208    .\QERowset.cpp    1184    Beginning CQERowset::readFirstRecord    20
    2014-6-2 8:30:56.348    57208    .\QERowset.cpp    2149    Beginning CQERowset::restart    20
    2014-6-2 8:30:56.348    57208    .\QERowset.cpp    2370    Beginning CQERowset::execute    20
    2014-6-2 8:30:56.353    57208    .\DbQueryBuilder.cpp    514    Query Targets: sqlncli10, ODBC3SQLServer    10
    2014-6-2 8:30:56.353    57208    .\DbQueryBuilder.cpp    525    Successfully built query:    SELECT "Orders"."Customer ID", "Orders"."Employee ID"   FROM   "xtreme"."dbo"."Orders" "Orders"    10
    2014-6-2 8:30:56.353    57208    .\odbcapi.cpp    875    Beginning COdbcapi::ExecDirect    20
    2014-6-2 8:30:56.354    57208    .\odbcapi.cpp    884    Finishing COdbcapi::ExecDirect    20
    2014-6-2 8:30:56.354    57208    .\rowset.cpp    220    SQLExecDirect succeeded:  SELECT "Orders"."Customer ID", "Orders"."Employee ID" FROM   "xtreme"."dbo"."Orders" "Orders"    10
    2014-6-2 8:30:56.354    57208    .\QERowset.cpp    2814    bindToField succeeded: Orders.Customer ID is using client buffer    10
    2014-6-2 8:30:56.354    57208    .\QERowset.cpp    2814    bindToField succeeded: Orders.Employee ID is using client buffer    10
    Notice it doesn't try to connect first if I set the log on info first using code.
    So nothing we can do to stop SQL server from logging this info. Check with the DBA, possibly they can "filter" out the application attempts to connect or change your work flow in the app.
    If you have a Preview Button to view the report then simply add your Database log on info prompt there if Connectioninfo.Trusted is not true:
    mainSecureDB = rpt.Database.Tables[tableIndex].LogOnInfo.ConnectionInfo.IntegratedSecurity;
    If mainSecureDB is false then prompt the user for log on info and set accordingly; if it is true then it should not fail when it connects.
    This is simply a matter of changing your App work flow...
    Thanks
    Don

  • Exchange 2013 w/Outlook 2013 "The name of the security certificate is invalid or does not match the name of the site"

    I've completed an upgrade from Exchange 2003 to Exchange 2013 and I have one last SSL message that I can't get rid of. I've installed a 3rd party cert that is working great for webmail and cell phone access but for some reason the Outlook 2010/2013 clients get prompted for a security warning. I just implemented the SSL cert yesterday and I've noticed that new installs of Outlook seem to work just fine. My Outlook 2013 client doesn't prompt me with the message but I have other users who are still getting the "The name of the security certificate is invalid or does not match the name of the site" error. The domain on the cert error shows up as server.mydomain.local. I've gone through all the virtual directories and pointed all of my internal and external URLs to https://mail.mydomain.com. This made one of the two warnings go away but not the second. I've dug around on Google and gone through everything I could find here and as far as I can tell my internal and external URLs are configured properly and I can't figure out where this error is originating from. Any ideas on where I should look outside of the virtual directories?
    I'm including a good link I found that contains all of the virtual directories I updated.  I've checked them through both CLI and GUI and everything looks good.
    http://www.mustbegeek.com/configure-external-and-internal-url-in-exchange-2013/
    http://jaworskiblog.com/2013/04/13/setting-internal-and-external-urls-in-exchange-2013/

    Hi,
    When Outlook connects to Exchange 2013/Exchange 2010, the client connects to the Autodiscover service to retrieve Exchange service settings automatically from the server side. This feature is not available in an Exchange 2003 Outlook profile.
    Generally, when a mailbox is moved to Exchange 2013, Outlook connects to the server to automatically update this information. It needs time to detect and update the changes on the server side. I suggest we do the following setting for the autodiscover service:
    Get-ClientAccessServer | Set-ClientAccessServer -AutodiscoverServiceInternalUri https://mail.mydomain.com/autodiscover/autodiscover.xml
    Please restart the IIS service by running IISReset in a Command Prompt window after all configurations.
    Regards,
    Winnie Liang
    TechNet Community Support

  • Outlook Security Alert - "the name on the security certificate is invalid or does not match the name of the site"

    Due to our company changing names, we recently moved to a new domain. All users were at first getting a certificate error when opening Outlook: "the name on the security certificate is invalid or does not match the name of the site." After our network admin made some changes, nobody receives this error anymore except one user. The URL at the top of the security alert is the old domain, mail.olddomain.com. I checked the user's Exchange Proxy Settings in Outlook, everything is showing the URLs of the new domain so I'm not sure where this is coming from. I'm assuming it has to be something on her local machine since she is the only one who still gets the error.
    Thanks in advance for any help.
    Exchange server 2008
    Outlook 2010

    Hi,
    Please follow all above suggestions to confirm whether the issue happens in OWA. And run Test E-mail AutoConfiguration in Outlook to check whether there is any URL settings using the old domain.
    If the issue doesn’t happen in OWA and your URL configurations are all same as others and set correctly, please create a new Outlook profile to have a try.
    Thanks,
    Winnie Liang
    TechNet Community Support

  • There is a problem with the proxy server's security certificate. The name on the security certificate is invalid or does not match the name of the target site "Mailserver"

    Good day Guys
    First of all I am not an Exchange Expert, and I might be asking a very stupid question, but please bear with me. :)
    While I was on leave our Mail server fell over and the company got a Specialist to help out for the time being.
    We were/are on Microsoft Exchange 2007, which fell over, and the specialist was able to recover as much data as he could.
    They then installed Exchange 2013 and tried to migrate everything from 2007 to 2013 and not everything migrated over.
    But the problem is, Outlook Anywhere was enabled on 2007 and worked 100% (before the disaster).
    With Exchange 2013 I get the following error message when trying to connect with Outlook 2013, using an external connection:
    "There is a problem with the proxy server's security certificate. The name on the security certificate is invalid or does not match the name of the target site "Mailserver".
    Outlook is unable to connect to the Proxy server. (Error Code 0)"
    Has anyone had something similar when migrating over from 2007 to 2013, or is this an issue on IIS and nothing to do with the Exchange migration?
    Your assistance will be greatly appreciated.

    Hi,
    Firstly, I would suggest we use Exchange 2013 FE as the Outlook Anywhere proxy server.
    For the certificate issue, it mostly occurs because the host name that Outlook is trying to access does not match the certificate SAN. Please check this point. If they do not match, you can change the host name by referring to the following article:
    https://support.microsoft.com/kb/940726/en-us?wa=wsignin1.0
    Thanks,
    Simon Wu
    TechNet Community Support

  • Exchange 2010 - The name on the security certificate is invalid or does not match the name of the site

    Scenario - Two Domains in different forests in production
    Domain ABC.com - Contains Exchange Server 2010 + Windows 2008 R2 AD Domain controllers
    Domain XYZ.com - Windows 2008 R2 Domain controllers + Contains all users + Desktop computer accounts.
    User logs in to the domain XYZ.com from a desktop and he configures Outlook using the user ID in domain ABC.com.
    When he opens Outlook it is getting connected and he gets an error message pop-up saying 'The name on the security certificate is invalid or does not match the name of the site'
    I am using an external certificate from Thawte for autodiscover.ABC.com & webmail.ABC.com
    I read about one solution provided in MS KB article - http://support.microsoft.com/kb/2772058 
    But in my scenario there are two domains involved. Pls guide how to clear this.
     

    Hi,
    How about logging on as [email protected] on the ABC domain via OWA?
    If OWA works well, it seems an issue on the Autodiscover side.
    Please run "Test E-mail AutoConfiguration" in Outlook to check whether this issue is caused by a certificate mismatch.
    1. Firstly, check how many host names are in your certificate. Run “Get-ExchangeCertificate | select certificatedomain”.
    2. Secondly, check the web services URLs which Outlook is trying to connect to. Run “Test Email AutoConfiguration”.
    3. In this scenario, you need to check the host name for the following services: Autodiscover, EWS, OAB, ECP, UM
    4. If any of the URLs above does not match the one in the certificate, refer to the following article to change it via EMS:
    http://support.microsoft.com/kb/940726
    For more details, see the following FAQ on "Checklist for Exchange Certificate issues":
    http://social.technet.microsoft.com/Forums/en-US/fa78799b-5c55-4c71-973b-0e186612ff6f/checklist-for-exchange-certificate-issues?forum=exchangesvrgeneral
    Thanks
    Mavis Huang
    TechNet Community Support
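
The comparison in steps 1 to 4 above, written out as an added Python example (not part of the original reply and not Exchange code). The certificate names are the two given in the question; the service URLs and the host `mbx01.abc.local` are constructed sample values standing in for the output of `Get-ExchangeCertificate | select certificatedomain` and Test E-mail AutoConfiguration.

```python
from urllib.parse import urlsplit

def name_matches(host, pattern):
    """Case-insensitive host name match in the style of RFC 6125.

    A '*' is honoured only as the entire left-most label and covers exactly
    one label, so '*.abc.com' matches 'mail.abc.com' but neither 'abc.com'
    nor 'a.mail.abc.com'. Partial wildcards such as 'w*' are treated as
    literal text and therefore never match.
    """
    host_labels = host.lower().rstrip(".").split(".")
    pat_labels = pattern.lower().rstrip(".").split(".")
    if len(host_labels) != len(pat_labels):
        return False
    if pat_labels[0] == "*":
        # Refuse wildcards directly under a top-level label ('*.com').
        return len(pat_labels) > 2 and host_labels[1:] == pat_labels[1:]
    return host_labels == pat_labels

def audit_urls(cert_domains, service_urls):
    """Return {service: host} for each URL whose host no certificate name covers."""
    mismatches = {}
    for service, url in service_urls.items():
        host = urlsplit(url).hostname  # None when the value is not a full URL
        if host is None or not any(name_matches(host, d) for d in cert_domains):
            mismatches[service] = host
    return mismatches

# Names on the certificate, as stated in the question.
CERT_DOMAINS = ["autodiscover.ABC.com", "webmail.ABC.com"]

# Constructed sample URLs; 'mbx01.abc.local' is a hypothetical internal name.
SERVICE_URLS = {
    "Autodiscover": "https://autodiscover.abc.com/Autodiscover/Autodiscover.xml",
    "EWS": "https://webmail.abc.com/EWS/Exchange.asmx",
    "OAB": "https://mbx01.abc.local/OAB",
    "ECP": "https://webmail.abc.com/ecp",
    "UM": "https://mbx01.abc.local/UnifiedMessaging/Service.asmx",
}

if __name__ == "__main__":
    for service, host in audit_urls(CERT_DOMAINS, SERVICE_URLS).items():
        print(f"{service}: {host} is not covered by the certificate")
```

Every service the audit reports is a URL that would trigger the name-mismatch prompt in Outlook and needs either a changed URL or a certificate that includes that host name.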

  • Exchange 2013 - The name of the security certificate is invalid or does not match the name of the site

    Hi,
    I know this question has been asked a ton of times, but I haven't found any instance of this question asked for exchange 2013.  Yes, I've seen Exchange 2010, Exchange 2007, but not Exchange 2013.  The symptoms are all similar.  Here is a description:
    1 Exchange 2013 server, all roles installed.
    External domain name:  associates.com
    Internal AD domain name:  associates.local
    Client installed a third party SSL certificate, but did not purchase a SAN or UC certificate, so there is one namespace on the SSL cert, and that represents the external OWA name:  mail.associates.com
    Now, when internal Outlook 2010 clients start, they get the "The name of the security certificate is invalid or does not match the name of the site."
    I'm just wondering if http://support.microsoft.com/kb/940726 still applies to Exchange 2013 to fix this issue.  Does this article apply to Exchange 2013?  If so, I will follow the above
    article.  If not, please direct me to any articles for Exchange 2013 that addresses this.
    the autodiscoverserviceuri points to: 
    https://netbiosnameofmailserver.associates.local/Autodiscover/Autodiscover.xml
    Thanks!
    A

    Yes, the http://support.microsoft.com/kb/940726 still applies to Exchange2013.
    As per my understanding on this post;
    - Poster's Exchange2013 has no SAN certificate.. (usually used for local address like; NETBIOS.Domain.lan).  Be reminded that SSL providers will no longer accept .LAN or .LOCAL in the very near future.
    - By default it uses local url for EWS, Autodiscover, etc.. (if you don't have SAN certificate installed in your CAS server, you would see the certificate warning)
    Anyway, I just want to share my case after applying the said workaround a long time ago (maybe some of you might encounter it as well): my Outlook still showed the certificate warning (I just kept clicking the YES button).. I was wondering at that time what was wrong with my virtual directory settings.. until I decided to click "NO" for an answer to that certificate warning message, then voila! it didn't bug me anymore.  Oh by the way, the certificate warning usually gives you a hint what triggers it like; "autodiscover.Domain.lan" on the first line of message, but in my case it was just "NETBIOS.Domain.lan" (didn't make any sense, did it?).. Well, unfortunately I didn't have the chance to figure out what triggered that event..

  • Outlook: The name of the security certificate is invalid or does not match the name of the site

    Hey guys,
    We have setup autodiscover redirection properly (I guessed) by:
    Creating a CNAME from
    AliasName: autodiscover.tenant-domain.com TO
    PrimaryName: autodiscoverredirection.hostname.com.
    Then doing a re-direction to https autodiscover service.
    All seems to be working properly, however, when I open Outlook, it still shows the pop out saying "autodiscover.tenant-domain.com - The name of the security certificate is invalid or does not match the name of the site".
    The autodiscover redirection is indeed working properly, that's why the autodiscover is working, however it is still trying to match autodiscover.tenant-domain.com to the certificate instead of matching the re-directed url, which is autodiscover.hostname.com.
    Could anyone advise what is wrong? Or anyone who knows how to correct it can contact me? :)
    Jackson Yap APC Hosting http://www.apc.sg/

    Hi Jason,
    Well, if it is doing that, it is most likely because your autodiscoverredirection.hostname.com also responds to port 443/SSL. So, what you need to do is to make sure that specific IP isn't responding to 443. The reason is this: 1. You first hit https://autodiscover.tenant-domain.com, which is a CNAME to autodiscoverredirection.hostname.com. So, if autodiscoverredirection.hostname.com responds to 443, it will then give you an error. If it doesn't, it will then move on to perform redirection right away and you will not get that prompt.
    Regards,
    Kip Ng - http://blogs.technet.com/b/provtest/

  • The name on the security certificate is invalid or does not match the name of the site" : IE

    Hi All,
    All clients are getting “the name on the security certificate is invalid or does not match the name of the site” when its reboot and try to access website.
    I don’t have any idea about certificate authority. Can anyone help on how I start troubleshooting this?
    Is there any group policy setting which resolves this issue?
    Please suggest what parameter I have to check.

    > All clients are getting “the name on the security certificate is invalid
    > or does not match the name of the site” when its reboot and try to access website.
    "View Certificate" should tell you.
    Greetings/Grüße,
    Martin

  • Exchange 2013/2007 coexistence: The Name on the Security Certificate is Invalid or Does Not Match the Name of the Site.

    In the midst of Exchange 2013/2007 coexistence configuration. 
    Currently:
    Exchange 2007:
    2 CAS\HUB
    1 Mailbox server
    Exchange 2013 (2 sites):
    LA:
    1 CAS
    2 MBX servers
    MKE:
    1 CAS 
    2 MBX servers.
    We purchased a certificate from Digicert and added every SAN name we could think of including "legacy.companyname.com", just to be sure. Added certificate to Exchange 2013 CAS servers and 2007 CAS\HUB boxes. Configured virtual directories on Exchange 2013 MKE-CAS01 but not on Exchange 2013 LA-CAS01. Configured virtual directories on Exchange 2007 CAS\HUB to point to "legacy.companyname.com".
    Mailboxes have not been moved yet. I just wanted to get the coexistence between Exchange 2013/2007 up first but some users (not all) are receiving "The name of the security certificate is invalid or does not match the name of the site" for "LEGACY.COMPANYNAME.COM". I remember configuring the AUTODISCOVER virtual directory for Exchange 2007. Any ideas? Thank you.

    Hi,
    Please make sure that the certificate with "legacy.companyname.com" name is enabled for IIS service. We can check it by running the following command in Exchange server 2007:
    Get-ExchangeCertificate | FL
    Thanks,
    Winnie Liang
    TechNet Community Support
