• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 5278
  • Last Modified:

Getting 'unable to establish a secure connection' on non-Window environments connecting to Exchange

Our Exchange Administrator instaled Exchange 2007 SP1 with a secure SSL connection.

Ever since the install and migration from Exchange 2003 to 2007 the following warning occurs for our Macintosh Client when trying to connect to the mail server.

'Unable to establish a secure connection to [servername] because the correct root certificate is not installed.'

Users will have to click ok to accept and then their mail appears.

Windows users using a non-Internet Exlporer browser will receive this message when trying to access their mail via the webmail client

'Unable to verify the identify of *.companyname.com as a trusted site.'

Looking into ideas/suggestions as to eliminate these problems.  With Exchange 2003 we didn't have the need to install root certificates to Mac workstations or Firefox users to examine and accept certificates so we think the problem is on the server side.

0
PROJHOPE
Asked:
PROJHOPE
  • 7
  • 5
  • 2
  • +2
1 Solution
 
vishal_impactCommented:
HI
for mac issues i would suggest to look into this
www.mac.mvps.org
0
 
PROJHOPEAuthor Commented:
This is not a Mac issue though, this problem occurs on non-Internet Explorer web browsers as well running on Windows operating systems.

I think the certificate is either installed incorrectly or something is not updated.  This occurs in way too many places in many platforms not just Macintosh
0
 
vishal_impactCommented:
ok
i agrre ti this as well wait for my next post and i will give a link to the microsft article for workaround on this issue just to confirm here have you done any chages lastly on you ssl certificates since you moved to 2k7 from 2k3
0
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

 
jsoutterCommented:
I have the same issue here accessing webmail.

Exchange 2005 on a Win2K3 box with a new certificate that we just purchased.

PC's work fine however Entourage on the Mac's give us that error message.
0
 
PROJHOPEAuthor Commented:
glad to see it is not just our problem.  Has anyone called Microsoft on this?  

Even if you trust the certificate on the mac it still is a problem.

I notice that I can trust it on Windows Firefox and it works then the certificate errors comes back again...

0
 
jsoutterCommented:
OK I found the solution here:

http://www.themachelpdesk.com/modules.php?op=modload&name=News&file=index&catid=&topic=19

This did not work for us as we do not use "Self Signed" certificates but it should work for those of you that do.

* We purchased our certificates for GoDaddy and bought them as "non exportable" so this solution will not work.
0
 
PROJHOPEAuthor Commented:
This won't work for us either...we are in the same boat.  Well at least there is a solution for someone.

I am assuming the problem is either Office 2004 or Mac OS X or a bit o both...either way, I do not foresee MS adjusting it with Office 2008 out.

0
 
jsoutterCommented:
It is an issue with MS made Mac software.

I have a copy of Office 2008 so I will test it and let you know if that fixes the issue.
0
 
PROJHOPEAuthor Commented:
Sounds good, don't have Office 2008 yet in office (or home)
0
 
amaengCommented:
Hi All.
I wonder if you can help. I am getting the same problem. What happened is we have a Exchange 2003 server. 2 MAC's are connecting using Entourage. I secured OWA using a self signed certificate and the 2 MAC's would not connect there after.
I have looked and tried the below link provided by "jsoutter"
"http://www.themachelpdesk.com/modules.php?op=modload&name=News&file=index&catid=&topic=19"
This has got the clients work so thank you for that, but....
We are still getting the following error when opening entourage
"Unable to establish a secure connection to "server" because the correct root certificate is not installed"
Any ideas??
Thank you in advanced
0
 
jsoutterCommented:
Office / Entourage 2008 did not fix this issue.

I hate to say it but the only around this issue would be "Virtual PC and Outlook 2005/07"
0
 
PROJHOPEAuthor Commented:
Considering Virtual PC is almost a dead product !   I am surprised this is not on other mac/pc websites about this problem.  

Unless others have any other comments I can close this question
0
 
PROJHOPEAuthor Commented:
jsoutter,

I found this...but I am unsure what or where my root certificate is

http://forums.macrumors.com/showthread.php?t=381224
0
 
jsoutterCommented:
The link in my original post gives you a step-by-step instruction on getting the root cert off of the exchange server.
0
 
PROJHOPEAuthor Commented:
jsoutter,

found out I am in the same boat as you are, when I go to export the Certificate I do not have the option to select 'Yes, I want to export the private key'

So lessons learned from this, if the SSL certificate is not able to export, then Macintosh users (and in some cases Windows users with Firefox) will always receive the nagging 'unable to establish a secure connection...'

Maybe one day Microsoft or Apple will fix this...

0
 
DannytechCommented:
If you are doing self-signed certificates Export the Certificate Authority Cert in Trusted Roots Certificates on that Windows Server - DER is fine for the Export.  On the Mac Computer just double click on the Certificate and have it installed into Keychain on the Mac.  

That will stop the root certificate error.
0

Featured Post

Will You Be GDPR Compliant by 5/28/2018?

GDPR? That's a regulation for the European Union. But, if you collect data from customers or employees within the EU, then you need to know about GDPR and make sure your organization is compliant by May 2018. Check out our preparation checklist to make sure you're on track today!

  • 7
  • 5
  • 2
  • +2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now