Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Outlook Invalid Security Certificate Rpc setup?

Posted on 2008-06-10
10
Medium Priority
?
892 Views
Last Modified: 2011-10-19
Hey all,

Real quick question I think I have rpc setup correclty its just everytime I use the test account setup to access it remotley I get the attached error, Now of course my certificate is not valid does it need to be and if so where can I purchase one and how to implement it?
Untitled.jpg
0
Comment
Question by:AmityNA
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
10 Comments
 
LVL 16

Assisted Solution

by:LegendZM
LegendZM earned 1920 total points
ID: 21753970
See my post here: http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/Q_23473145.html

It goes over everything you need to know about installing a certificate into your Exchange server.
0
 
LVL 2

Author Comment

by:AmityNA
ID: 21754119
Great thanks for the link but I am kinda green to all this so is that saying that I have to purchase a certificate and what certificate do I need? Also this is the current one that is in the rpc. I do not run exchange 2007 as well I am running sbs 2003 which I dont know if that makes a difference? I am able to access the email through owa with no problems
New1.bmp
0
 
LVL 16

Assisted Solution

by:LegendZM
LegendZM earned 1920 total points
ID: 21754174
oh, if you are running Exchange 2003, you do not need a UCC certificate, just a regular certificate will do.

You need to purchase one by the address people access your server by   'mail.yourdomain.com'   webmail.yourdomain.com
whatever the common name is that people access Outlook web access by,

www.godaddy.com the basic cert for $30 will be fine, then install it on the 'default web site'  They'll provide instructions for installing the cert and generating it once you've purchased it.
0
Get your Disaster Recovery as a Service basics

Disaster Recovery as a Service is one go-to solution that revolutionizes DR planning. Implementing DRaaS could be an efficient process, easily accessible to non-DR experts. Learn about monitoring, testing, executing failovers and failbacks to ensure a "healthy" DR environment.

 
LVL 2

Author Comment

by:AmityNA
ID: 21754274
Ok great so I take it that certificate that is present in the screenshot is not what I am looking for? Like I said I can access my web workplace remotley with using say exchange.amitymachine.com

Thanks
0
 
LVL 2

Author Comment

by:AmityNA
ID: 21754308
Like I said very green I appreciate your patience, So I am purchasing a ssl certificate
0
 
LVL 16

Assisted Solution

by:LegendZM
LegendZM earned 1920 total points
ID: 21754377
Make sure you are purchasing it for the domain that people access outlook web access from outside of your office.
0
 
LVL 6

Assisted Solution

by:raptorjb007
raptorjb007 earned 80 total points
ID: 21754491
As LegendZM mentioned you do need to configure SSL on the exchange server if not already configured.

The clients also need to have the Certificate for the Root Certificate Authority that granted your exchange server its certificate installed, otherwise the client will not trust the exchange server and the RCP-over-http connection will fail. With this in mind, using a purchased certificate from a commercial SSL provider will greatly simplify installations as windows trusts most commercial SSL providers by default. You can however install your own Root Certificate authority and generate your own exchange -certificate, in this case you will have to manually install the certificate for your Certificate Authority on each client PC.

Server SBS generates its own certificate by default, if you wish to use the one already installed you will have to export that certificate and install it on each client as I previously mentioned.

To export the Certificate for the RootCA do the following.
Open IIS Manager,
-Browse to the "default website", right click and choose properties
-Click on "Directory Security", then "View Certificate"
-Choose the "Certificate Path" Tab
-In the certificate oath tab you should see a tree with two certificztes listed, one is the Certificate Authority certificate, the other is the Exchange IIS Certificate.
-Click on the Certificate at the top of the tree, then click on view.
-In the certificate properties windows, click on the details tab, then choose "copy to file.
-Click Next, choose DER encoded, click next, choose a name and location to save this certificate.

To install your CA certificate on a client so that outlook trusts the exchange server.
-Log into the PC as an administrator
-Copy the certificate file to the PC
-Right click the certificate, choose "install certificate".
-Choose next, select "Place all certificate dint he following store", select browse.
-Check the box to "show physical stores", in the path tree expand "third party root certificate authorities", and select "Local Computer"
-Click OK, click next, click finish.

This should resolve the issue of a outlook client not trusting your self-signed certificate form the small business server. To avoid these steps, purchase a commercial certificate.
0
 
LVL 16

Assisted Solution

by:LegendZM
LegendZM earned 1920 total points
ID: 21754540
Since he's purchasing a signed SSL certificate he won't need to install the self signed cert.
0
 
LVL 2

Author Comment

by:AmityNA
ID: 21754740
I purchased it already now question is do I need to put this on the client machines as well or no
0
 
LVL 16

Accepted Solution

by:
LegendZM earned 1920 total points
ID: 21754902
Nope, you just need to follow their FAQ to generate the certificate request, then install the certificate on IIS and enforce SSL.

because it's a signed authority they won't need it installed as "godaddy" is a trusted source.

I would the advise contacting them for instructions on how to install the certificate, trusted authorties each have their own instructions, there should be a picture tutorial somewhere in the member account area.
0

Featured Post

NFR key for Veeam Agent for Linux

Veeam is happy to provide a free NFR license for one year.  It allows for the non‑production use and valid for five workstations and two servers. Veeam Agent for Linux is a simple backup tool for your Linux installations, both on‑premises and in the public cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

New style of hardware planning for Microsoft Exchange server.
Want to know how to use Exchange Server Eseutil command? Go through this article as it gives you the know-how.
This video discusses moving either the default database or any database to a new volume.
This is my first video review of Microsoft Bookings, I will be doing a part two with a bit more information, but wanted to get this out to you folks.
Suggested Courses

704 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question