This CA Root certificate is not trusted. To enable trust...

Posted on 2004-11-29
Last Modified: 2012-05-05
I will start this off by saying that I am not an IT pro and configuration answers may be vague but I'll do my best to be as detailed as possible.

I am having issues with connecting with

I am getting an error saying that the CA Roor certificate is not trusted.

When I view the certificate it has information in it related to our sonic wall.

Why are we getting this error all of a sudden when the server and e-mail had been working fine all day?  

I am running Exchange 2000 on Server 2000
Question by:ProperMethodz
    LVL 1

    Author Comment

    Please help... If you need more information please ask... I need to get this resolved.
    LVL 1

    Author Comment

    IS there anyone here who knows anything about exchange, and CA root certificates?

    Here is the setup.

    ADSL with static into a Sonic Wall. The services for exchange and the ports in the sonic wall are open.

    All IPs and Redirects are set for unassigned so all IPs are accepted.

    But when you go to the it says that the CA root certificate is not valid...

    LVL 23

    Accepted Solution


    It sounds like your root certificate has expired, but I think you should be getting a different error if that were true.

    What you should do is take a look at the certificate.  Make sure that the certificate is still valid and not expired.  

    Open up your web page ( and double click on the little lock that appears in the status bar at the bottom of the browser (you may have to enable the status bar in the "view" menu of your browser.  I assume that you are using IE or Netscape.  Anyway, double click on this lock and it will give you information about expiration dates and other stuff.

    if this doesn't work, then If your web server is using IIS, then go to:

    >>webserverName > Control Panel > Administrative Tools > Internet Information Services > webPage/localhost >  Properties > Directory Security > View/edit Certificate

    This will at least get you some information to start with.


    If everything here looks peachy, then perhaps your certificate authority is not working.  If you are using verisign or some other compnay, then you need to call them to verify that their CA servers are up and running.  If your company is its own certificate authority, then you need to make sure that your CA server is up and running and the CA services are running as well.

    LVL 1

    Author Comment

    The lock wasn't appearing.

    We found the problem. It was an issue with the firewall redirecting to a unknown site.

    Basically we have a POS sonicwall that "decided" to "lose" its settings causing hours of hair-pulling and head banging. This basically rendered a static IP useless because it was redirecting before getting to the internal IIS, and Exchange.

    I keep telling my company to invest in a Cisco Pix... but they just don't want to spring for it.

    Since you were the only person to respond, and I can't take my points back...

    Happy holidays..
    LVL 23

    Expert Comment



    so, basically when the browser went to check to see if the Cert was valid it was being redirected to another destination which obviously could not authenticate the certificate.  Makes perfect sense... tough to track down though.

    for the future, if something like this happens again I suppose a good start might be to use the trace route function.

    If you haven't used it before it's a lot like "ping", but it shows all of the routers and servers that you go through to get somewhere.

    open a command line and type:

    tracert <website>    (e.g. tracert

    Thanks again for the points


    tracert <myServer>

    Featured Post

    Maximize Your Threat Intelligence Reporting

    Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

    Join & Write a Comment

    Suggested Solutions

    Title # Comments Views Activity
    Perecntage 4 41
    strange bios behaviour 35 87
    Keeping track of daily tasks 4 24
    Which School? 2 19
    Learn more about the importance of email disclaimers with our top 10 email disclaimer DOs and DON’Ts.
    Whether you're new to the game or an experienced player, you can never get enough help trying to have the best Pokémon. This guide will do its best to serve and be a living document.  It will evolve as I have more things to add or change.
    Notifications on Experts Exchange help you keep track of your activity and updates in one place. Watch this video to learn how to use them on the site to quickly access the content that matters to you.
    Saved searches can save you time by quickly referencing commonly searched terms on any topic. Whether you are looking for questions you can answer or hoping to learn about a specific issue, a saved search can help you get the most out of your time o…

    746 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    16 Experts available now in Live!

    Get 1:1 Help Now