In this Exchange 2010, when I view cert, on the General tab, in front of Issued To, I see only one name -- internal FQDN of server.

How may I view other names, if any, for which this cert may be valid?

Is a requirement for Exchange 2010? We sure are having Connectivity Issues with Outlook 2010. Thanks.

asked 12/16/2011 09:26

Akulsh's gravatar image

Akulsh ♦♦

6 Answers:
Click the Details tab and then you will see more information.  It could be under Subject, or Subject Alternative Names area probably.
The autodiscover name should be there.  I think you can setup a DNS SRV record too if you don't have the autodiscover name.


chakko's gravatar image


you can use powershell to get the certificate details:

'Get-ExchangeCertificate' command to view all certificates in local store of the server.

Then copy the thumbprint of each of above listed certificate to get the detailed properties of each certificate where information regarding subject name, date, status, issuing authority, expire date and status and service attached are listed.

Get-ExchangeCertificate <thumbprint of the certificate> | fl

For you to use autodiscover, you need to have ceritificate issued to that service ( in SAN

answered 2011-12-16 at 21:04:15

kpa2011's gravatar image


You both helped me make progress:
-- In GUI, in Details, under SUBJECT ALTERNATE NAME, I could see all names.
-- in PowerShell, with Get-ExchangeCertificate command, I could see names under CertificateDomains.

Thank you both.

Now, about the 2nd half of my question, which was:
Is cert for a requirement for Exchange 2010 to work properly with Outlook 2010? Thanks.


answered 2011-12-16 at 21:10:05

Akulsh's gravatar image


yes.  you should have that name

If the autodiscover name is not in your SSL then you can use a DNS SRV record.

Take a look at this


answered 2011-12-16 at 22:23:18

chakko's gravatar image



I read that article. It keeps saying - The autodiscover record must be created in the external DNS zone.

Not sure what "external' means here. This company does have different SMTP domain name (after @ in email address) than AD domain name. Does 'external" mean SMTP domain name that needs to be modifed in internal AD DNS servers, OR does 'external' mean SMTP domain name that needs to be modified only on external (public) non-AD DNS servers?

BTW, the internal users of Outlook 2010 are having problems. Thanks.

answered 2011-12-16 at 22:31:44

Akulsh's gravatar image


If your outlook is outside of your Office (like a user at home) then it would access Public DNS servers, so you would need to create the DNS record on the Public DNS server for your domain.

Inside your office you should be accessing the Internal LAN DNS server so you should try to create the record on your Internal DNS server.

Of course, your public DNS and private LAN DNS servers could  be the same server, but it probably is not.

answered 2011-12-16 at 23:55:01

chakko's gravatar image


Your answer
[hide preview]

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here



Answers and Comments



Asked: 12/16/2011 09:26

Seen: 241 times

Last updated: 12/16/2011 05:51