We help IT Professionals succeed at work.

Certificate is invalid

villartech asked
Medium Priority
Last Modified: 2012-05-06
I have a Windows SBS 2003 setup for OWA. I have created a certificate on it.
I have an A record for mail.mydomainname.com
When I use Windows XP and IE7, I am able to install the certifictate by doing a  http://mail.mydomainname.com/certsrv.
I am not able to use IE7 with Windows Vista without getting a "certificate is invalid" message.
I do not want to have to purchase a third party certificate, if at all possible.
Watch Question

Top Expert 2009

Did you try to add certificate to Vista machine using Run --> Type: MMC --> Add/Remove snapin --> Add --> Certificate

ParanormasticCryptographic Engineer

Save the certificate to file - you can export it from IIS or from one of your xp boxes in Certificates MMC and open trusted root certificate store, or personal store depending where it got put.  Open up the cert - details tab - copy to file button - follow the wizard to save to file.

You can either deploy via GPO as a trusted root certifcate or you can copy it to the vista box and import it - assign manually - checkmark 'show physical stores' then select trusted root certification authorities store.


I have tried both recomendations - neither worked.
When I import the certificate into the trusted root certification authority store using the import wizard, it indicates that it was successfull.
I do not see the certificate listed, after the import though.
FYI - When I view the certificate after I get the error, it says "This certificate cannot be verified up to a trusted certification authority.
I have tried turning on SSL on the SBS 2003 server and I have tried importing the certificate in both the .cer and .pfx formats.
Cryptographic Engineer
Check the certificate on the server - details tab - verify that the issuer name is not that server, but the CA server instead.

If you have multiple CAs (e.g. a root and subordinate) you need to have at least the root installed, preferably both CA certs.  The root cert should be in your trusted root certification authority store.  Checkmark the 'show physical stores'
when manually selecting the store to have available for all users.

PFX should only be on the server that the cert is issued to as it contains the private key.  The .cer that needs to be imported is only the CA server cert files, not the website cert - the website's .cer only needs to be available on the server.

Not the solution you were looking for? Getting a personalized solution is easy.

Ask the Experts


Thanks for your assitance
Access more of Experts Exchange with a free account
Thanks for using Experts Exchange.

Create a free account to continue.

Limited access with a free account allows you to:

  • View three pieces of content (articles, solutions, posts, and videos)
  • Ask the experts questions (counted toward content limit)
  • Customize your dashboard and profile

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.


Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.