• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 895
  • Last Modified:

Outlook Invalid Security Certificate Rpc setup?

Hey all,

Real quick question I think I have rpc setup correclty its just everytime I use the test account setup to access it remotley I get the attached error, Now of course my certificate is not valid does it need to be and if so where can I purchase one and how to implement it?
Untitled.jpg
0
AmityNA
Asked:
AmityNA
  • 5
  • 4
6 Solutions
 
LegendZMPrincipal Security ArchitectCommented:
See my post here: http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/Q_23473145.html

It goes over everything you need to know about installing a certificate into your Exchange server.
0
 
AmityNAAuthor Commented:
Great thanks for the link but I am kinda green to all this so is that saying that I have to purchase a certificate and what certificate do I need? Also this is the current one that is in the rpc. I do not run exchange 2007 as well I am running sbs 2003 which I dont know if that makes a difference? I am able to access the email through owa with no problems
New1.bmp
0
 
LegendZMPrincipal Security ArchitectCommented:
oh, if you are running Exchange 2003, you do not need a UCC certificate, just a regular certificate will do.

You need to purchase one by the address people access your server by   'mail.yourdomain.com'   webmail.yourdomain.com
whatever the common name is that people access Outlook web access by,

www.godaddy.com the basic cert for $30 will be fine, then install it on the 'default web site'  They'll provide instructions for installing the cert and generating it once you've purchased it.
0
Easily manage email signatures in Office 365

Managing email signatures in Office 365 can be a challenging task if you don't have the right tool. CodeTwo Email Signatures for Office 365 will help you implement a unified email signature look, no matter what email client is used by users. Test it for free!

 
AmityNAAuthor Commented:
Ok great so I take it that certificate that is present in the screenshot is not what I am looking for? Like I said I can access my web workplace remotley with using say exchange.amitymachine.com

Thanks
0
 
AmityNAAuthor Commented:
Like I said very green I appreciate your patience, So I am purchasing a ssl certificate
0
 
LegendZMPrincipal Security ArchitectCommented:
Make sure you are purchasing it for the domain that people access outlook web access from outside of your office.
0
 
raptorjb007Commented:
As LegendZM mentioned you do need to configure SSL on the exchange server if not already configured.

The clients also need to have the Certificate for the Root Certificate Authority that granted your exchange server its certificate installed, otherwise the client will not trust the exchange server and the RCP-over-http connection will fail. With this in mind, using a purchased certificate from a commercial SSL provider will greatly simplify installations as windows trusts most commercial SSL providers by default. You can however install your own Root Certificate authority and generate your own exchange -certificate, in this case you will have to manually install the certificate for your Certificate Authority on each client PC.

Server SBS generates its own certificate by default, if you wish to use the one already installed you will have to export that certificate and install it on each client as I previously mentioned.

To export the Certificate for the RootCA do the following.
Open IIS Manager,
-Browse to the "default website", right click and choose properties
-Click on "Directory Security", then "View Certificate"
-Choose the "Certificate Path" Tab
-In the certificate oath tab you should see a tree with two certificztes listed, one is the Certificate Authority certificate, the other is the Exchange IIS Certificate.
-Click on the Certificate at the top of the tree, then click on view.
-In the certificate properties windows, click on the details tab, then choose "copy to file.
-Click Next, choose DER encoded, click next, choose a name and location to save this certificate.

To install your CA certificate on a client so that outlook trusts the exchange server.
-Log into the PC as an administrator
-Copy the certificate file to the PC
-Right click the certificate, choose "install certificate".
-Choose next, select "Place all certificate dint he following store", select browse.
-Check the box to "show physical stores", in the path tree expand "third party root certificate authorities", and select "Local Computer"
-Click OK, click next, click finish.

This should resolve the issue of a outlook client not trusting your self-signed certificate form the small business server. To avoid these steps, purchase a commercial certificate.
0
 
LegendZMPrincipal Security ArchitectCommented:
Since he's purchasing a signed SSL certificate he won't need to install the self signed cert.
0
 
AmityNAAuthor Commented:
I purchased it already now question is do I need to put this on the client machines as well or no
0
 
LegendZMPrincipal Security ArchitectCommented:
Nope, you just need to follow their FAQ to generate the certificate request, then install the certificate on IIS and enforce SSL.

because it's a signed authority they won't need it installed as "godaddy" is a trusted source.

I would the advise contacting them for instructions on how to install the certificate, trusted authorties each have their own instructions, there should be a picture tutorial somewhere in the member account area.
0

Featured Post

Easily manage email signatures in Office 365

Managing email signatures in Office 365 can be a challenging task if you don't have the right tool. CodeTwo Email Signatures for Office 365 will help you implement a unified email signature look, no matter what email client is used by users. Test it for free!

  • 5
  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now