This CA Root certificate is not trusted. To enable trust...

I will start this off by saying that I am not an IT pro and configuration answers may be vague but I'll do my best to be as detailed as possible.

I am having issues with connecting with

I am getting an error saying that the CA Roor certificate is not trusted.

When I view the certificate it has information in it related to our sonic wall.

Why are we getting this error all of a sudden when the server and e-mail had been working fine all day?  

I am running Exchange 2000 on Server 2000
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

ProperMethodzAuthor Commented:
Please help... If you need more information please ask... I need to get this resolved.
ProperMethodzAuthor Commented:
IS there anyone here who knows anything about exchange, and CA root certificates?

Here is the setup.

ADSL with static into a Sonic Wall. The services for exchange and the ports in the sonic wall are open.

All IPs and Redirects are set for unassigned so all IPs are accepted.

But when you go to the it says that the CA root certificate is not valid...


It sounds like your root certificate has expired, but I think you should be getting a different error if that were true.

What you should do is take a look at the certificate.  Make sure that the certificate is still valid and not expired.  

Open up your web page ( and double click on the little lock that appears in the status bar at the bottom of the browser (you may have to enable the status bar in the "view" menu of your browser.  I assume that you are using IE or Netscape.  Anyway, double click on this lock and it will give you information about expiration dates and other stuff.

if this doesn't work, then If your web server is using IIS, then go to:

>>webserverName > Control Panel > Administrative Tools > Internet Information Services > webPage/localhost >  Properties > Directory Security > View/edit Certificate

This will at least get you some information to start with.


If everything here looks peachy, then perhaps your certificate authority is not working.  If you are using verisign or some other compnay, then you need to call them to verify that their CA servers are up and running.  If your company is its own certificate authority, then you need to make sure that your CA server is up and running and the CA services are running as well.


Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
ProperMethodzAuthor Commented:
The lock wasn't appearing.

We found the problem. It was an issue with the firewall redirecting to a unknown site.

Basically we have a POS sonicwall that "decided" to "lose" its settings causing hours of hair-pulling and head banging. This basically rendered a static IP useless because it was redirecting before getting to the internal IIS, and Exchange.

I keep telling my company to invest in a Cisco Pix... but they just don't want to spring for it.

Since you were the only person to respond, and I can't take my points back...

Happy holidays..


so, basically when the browser went to check to see if the Cert was valid it was being redirected to another destination which obviously could not authenticate the certificate.  Makes perfect sense... tough to track down though.

for the future, if something like this happens again I suppose a good start might be to use the trace route function.

If you haven't used it before it's a lot like "ping", but it shows all of the routers and servers that you go through to get somewhere.

open a command line and type:

tracert <website>    (e.g. tracert

Thanks again for the points


tracert <myServer>
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.