OK, so here is the deal... We do wildcard SSL offloading through our F5 load balancers. Recently our certificate through GoDaddy expired. We purchased a new wildcard certificate and also decided that we should also get new Barracuda load balancers to replace the aging F5s. We set up the Barracudas in a two-arm solution (old switch is plugged into the WAN port, a new switch is plugged into the LAN port, and the Barracuda is acting as a gateway) and installed the cert with private key and blah blah blah. Everything is working fine.
So currently we have an Exchange server running Exchange 2007 that has one NIC plugged into the old switch with the F5. A second NIC is plugged into the new two-armed switch with the Barracuda acting as the gateway. I configured all the services (SMTP, IMAP, HTTPS, POP3) with 1 virtual IP address on the original network and set up the firewall to NAT the public IP to the virtual private IP.
Now, because that DNS name is being used by our employees, I made an entry in the hosts file to match our domain name (mail.domain.com) to point to the new public IP address. POP3 and IMAP work fine, but when I try sending mail with Thunderbird through SMTP port 587 I get a Wrong Site and an Unknown Identity certificate error. The certificate it is showing is the self-signed certificate for the server. If I try taking the entry out of the hosts file and use the old IP address, I get a certificate error, but it is only an Unknown Identity error.
Do I have to re-create the self-signed certificate for that specific NIC? If anyone has any idea at all or can steer me in the right direction, I would be so grateful.