[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1308
  • Last Modified:

Certificate problems

I currently host a small exchange server with about 10 users. I have a SSL Certificate installed from RapidSSL. The problem I am having is that when I go to http://exchgsvr.moermond.com/exchange I get a "There is a problem with this websites certificate". The problem is not so much for remote users as it is for synchronizing to my treo device. Everytime I try to synchronize I get a certificate error message on my treo. Any suggestions?
0
nitrousgtstang
Asked:
nitrousgtstang
  • 2
  • 2
1 Solution
 
merowingerCommented:
it should be https:// or?
0
 
nitrousgtstangAuthor Commented:
Sorry for the typo. Yes it should be https://exchgsvr.moermond.com/exchange
0
 
northcideCommented:
I'm guessing you did not install the intermediate certificate in the intermediate cert store on the server.

start here and run this utility:  http://www.microsoft.com/downloads/details.aspx?familyid=cabea1d0-5a10-41bc-83d4-06c814265282&displaylang=en

0
 
nitrousgtstangAuthor Commented:
System time: Tue, 07 Aug 2007 16:12:07 GMT
ModuleFileName: C:\Program Files\IIS Resources\SSLDiag\SSLDiag.exe version: 1.1:34.0
CommandLine: "C:\Program Files\IIS Resources\SSLDiag\SSLDiag.exe"
ProcessorArchitecture: x86
OS: Windows 2003 Service Pack 2
IIS6 - World Wide Web Publishing (W3SVC) service is installed

[ HKLM\System\CurrentControlSet\Services\HTTPFilter ]
ImagePath = C:\WINDOWS\system32\lsass.exe
Parameters\CertChainCacheOnlyUrlRetrieval = True(default)
EnableKernelSsl = False(default)
strmfilt.dll loaded into process 456 (lsass.exe)

[ SChannel Info ]
ServerCacheEntries = 88
ServerActiveEntries = 0
ServerHandshakes = 107
ServerReconnects = 68
CacheSize = 10000

[ W3SVC/1 ]
ServerComment = Default Web Site
ServerState = Server started
#Impersonated server account
SSLCertHash = f5 e2 26 d9 6f ca 0c ff 75 df a6 ce b4
SSLStoreName = MY
#CertName = exchgsvr.moermond.com
#You have a private key that corresponds to this certificate
#ContainerName='2c6089ae362677c10eacb1b205206626_11516d68-83d4-407f-899e-cad32c73ec8b'
#ProvName='Microsoft RSA SChannel Cryptographic Provider' ProvType=PROV_RSA_SCHANNEL KeySpec=AT_KEYEXCHANGE
#Subject: C=US, O=exchgsvr.moermond.com, OU=GT23976799, OU=See www.rapidssl.com/resources/cps (c)07, OU=Domain Control Validated - RapidSSL(R), CN=exchgsvr.moermond.com
#Issuer: C=US, O=Equifax Secure Inc., CN=Equifax Secure Global eBusiness CA-1
#Validity: From 7/18/2007 6:20:56 AM To 8/17/2008 6:20:56 AM
CertVerifyCertificateChainPolicy succeeded
SecureBindings = :443:

[ W3SVC/1/ROOT ]
AccessSSLFlags = 0 (0x0)

[ W3SVC/1/ROOT/Exchange ]
AccessSSLFlags = 264 (0x108)
AccessSSL = True
AccessSSL128 = True
AccessSSLNegotiateCert = False
AccessSSLRequireCert = False
AccessSSLMapCert = False

[ W3SVC/1/ROOT/ExchDAV ]
AccessSSLFlags = 0 (0x0)

[ W3SVC/25341 ]
ServerComment = Administration
ServerState = Server started
AccessSSLFlags = 8
#Impersonated server account
SSLCertHash = c8 9f 0d 79 ee ef 30 fa 9f 6e 17 d3 ae df c7
SSLStoreName = MY
#CertName = exchgsvr.moermond.local
#You have a private key that corresponds to this certificate
#ContainerName='SELFSIGN_DEFAULT_CONTAINER'
#ProvName='Microsoft Enhanced Cryptographic Provider v1.0' ProvType=PROV_RSA_FULL KeySpec=AT_KEYEXCHANGE
#Subject: CN=exchgsvr.moermond.local
#Issuer: CN=exchgsvr.moermond.local
#Validity: From 7/16/2007 5:35:53 AM To 7/15/2008 11:35:53 AM
CertVerifyCertificateChainPolicy succeeded
SecureBindings = :8098:

Diagnostics complete, system time: Tue, 07 Aug 2007 16:12:09 GMT
0
 
northcideCommented:
looks like ssl is setup on the server without a problem.  https://exchgsvr.moermond.com/exchange/ works in both IE and firefox.

i assume you are using a windows treo and trying to activesync to your server?  I seem to remember something like this in the past.  on the default website > security tab > secure communications (edit button) - is that set to require ssl?  if so that should not be set.  

Also, when connecting to activesync you are not entering /exchange/.  the server name should just be exchgsvr.moermond.com.

Now i might be misunderstanding you as you said things completely contradictory to what i've just said, so please be more specific
0

Featured Post

Granular recovery for Microsoft Exchange

With Veeam Explorer for Microsoft Exchange you can choose the Exchange Servers and restore points you’re interested in, and Veeam Explorer will present the contents of those mailbox stores for browsing, searching and exporting.

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now