• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1183
  • Last Modified:

This CA Root certificate is not trusted. To enable trust...

I will start this off by saying that I am not an IT pro and configuration answers may be vague but I'll do my best to be as detailed as possible.

I am having issues with connecting with mail.mydomain.com

I am getting an error saying that the CA Roor certificate is not trusted.

When I view the certificate it has information in it related to our sonic wall.

Why are we getting this error all of a sudden when the server and e-mail had been working fine all day?  

I am running Exchange 2000 on Server 2000
0
ProperMethodz
Asked:
ProperMethodz
  • 3
  • 2
1 Solution
 
ProperMethodzAuthor Commented:
Please help... If you need more information please ask... I need to get this resolved.
0
 
ProperMethodzAuthor Commented:
IS there anyone here who knows anything about exchange, and CA root certificates?

Here is the setup.

ADSL with static into a Sonic Wall. The services for exchange and the ports in the sonic wall are open.

All IPs and Redirects are set for unassigned so all IPs are accepted.

But when you go to the mail.mydomain.com it says that the CA root certificate is not valid...


PLEASE HELP!!!
0
 
_TAD_Commented:

It sounds like your root certificate has expired, but I think you should be getting a different error if that were true.

What you should do is take a look at the certificate.  Make sure that the certificate is still valid and not expired.  

Open up your web page (http://mail.myCompany.com) and double click on the little lock that appears in the status bar at the bottom of the browser (you may have to enable the status bar in the "view" menu of your browser.  I assume that you are using IE or Netscape.  Anyway, double click on this lock and it will give you information about expiration dates and other stuff.


if this doesn't work, then If your web server is using IIS, then go to:

>>webserverName > Control Panel > Administrative Tools > Internet Information Services > webPage/localhost >  Properties > Directory Security > View/edit Certificate

This will at least get you some information to start with.




<----->

If everything here looks peachy, then perhaps your certificate authority is not working.  If you are using verisign or some other compnay, then you need to call them to verify that their CA servers are up and running.  If your company is its own certificate authority, then you need to make sure that your CA server is up and running and the CA services are running as well.


0
 
ProperMethodzAuthor Commented:
The lock wasn't appearing.

We found the problem. It was an issue with the firewall redirecting to a unknown site.

Basically we have a POS sonicwall that "decided" to "lose" its settings causing hours of hair-pulling and head banging. This basically rendered a static IP useless because it was redirecting before getting to the internal IIS, and Exchange.

I keep telling my company to invest in a Cisco Pix... but they just don't want to spring for it.

Since you were the only person to respond, and I can't take my points back...

Happy holidays..
0
 
_TAD_Commented:


Thanks!

so, basically when the browser went to check to see if the Cert was valid it was being redirected to another destination which obviously could not authenticate the certificate.  Makes perfect sense... tough to track down though.


for the future, if something like this happens again I suppose a good start might be to use the trace route function.

If you haven't used it before it's a lot like "ping", but it shows all of the routers and servers that you go through to get somewhere.

open a command line and type:

tracert <website>    (e.g. tracert www.google.com)


Thanks again for the points

-or-

tracert <myServer>
0

Featured Post

Upgrade your Question Security!

Add Premium security features to your question to ensure its privacy or anonymity. Learn more about your ability to control Question Security today.

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now