ADFS SSL Certificate Name Mismatch

Topic Last Modified: 2011-06-06

The Microsoft Remote Connectivity Analyzer tool queries the Authentication Platform in the cloud to perform a realm discovery. When that process is finished, the Authentication Platform passes to the requesting client the ADFS endpoint name that the client requires for authentication. The endpoint is a Secure Sockets Layer (SSL) connection, which has a certificate in place. The tool evaluates the fully qualified domain name (FQDN) that was assigned to the certificate (for example, STS.Contoso.com).

The Microsoft Remote Connectivity Analyzer tool returns the following warning if the FQDN doesn't match the host address or URL that the client uses to make a connection with the server.

SSL Certificate Name Mismatch

The name mismatch warning means that users might not be able to authenticate correctly to their Office 365 resources. If this issue occurs, passive (Internet Explorer) access to the Office 365 services displays a certificate warning when the user accesses the services. The passive client can connect only after the certificate warning is accepted. The Outlook client isn't presented with this certificate security warning, and the client fails to connect.
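The following added example (not part of the original article and not the analyzer's own code) shows the kind of name comparison behind this warning, run offline against constructed certificate data in the shape returned by Python's ssl.SSLSocket.getpeercert(). The function names and the adfs01.contoso.local certificate are assumptions made for illustration.

```python
# Added example: offline check of certificate names against an endpoint host name.
# Certificate dicts use the shape returned by ssl.SSLSocket.getpeercert().

def cert_dns_names(cert):
    """Return the DNS names a certificate is valid for.

    subjectAltName DNS entries take precedence; the subject commonName is
    used only when no DNS SAN entry is present.
    """
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans
    return [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]


def name_matches(pattern, host):
    """Case-insensitive match; '*' is accepted only as the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # Require at least two fixed labels so "*.com" never matches.
        return len(p) > 2 and p[1:] == h[1:] and h[0] != ""
    return p == h


def check_endpoint(cert, host):
    """Return (ok, names); ok is False when no certificate name covers host."""
    names = cert_dns_names(cert)
    return any(name_matches(n, host) for n in names), names


# Constructed sample certificates (not taken from a real server).
GOOD = {"subject": ((("commonName", "STS.Contoso.com"),),),
        "subjectAltName": (("DNS", "STS.Contoso.com"),)}
WILDCARD = {"subject": ((("commonName", "*.contoso.com"),),),
            "subjectAltName": (("DNS", "*.contoso.com"),)}
# Hypothetical case: certificate issued to an internal server name only.
INTERNAL = {"subject": ((("commonName", "adfs01.contoso.local"),),)}

if __name__ == "__main__":
    for label, cert in (("good", GOOD), ("wildcard", WILDCARD), ("internal", INTERNAL)):
        ok, names = check_endpoint(cert, "sts.contoso.com")
        print(label, "OK" if ok else "SSL Certificate Name Mismatch", names)
```

The third certificate fails because the name the client connects to (sts.contoso.com) appears nowhere in the certificate, which is the condition the warning reports.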

More Information

For information about how to troubleshoot this issue, see the Microsoft Knowledge Base article 2523494, You receive a certificate warning when you try to access Microsoft Office 365 resources by using an identity-federated account.

For more information about planning for identity federation, see Prepare for single sign-on.

For help with upgrading your current Exchange 2010 environment, see Exchange Server Deployment Assistant.