Certificate is invalid

Posted on 2009-02-17
Last Modified: 2012-05-06
I have a Windows SBS 2003 setup for OWA. I have created a certificate on it.
I have an A record for
When I use Windows XP and IE7, I am able to install the certifictate by doing a
I am not able to use IE7 with Windows Vista without getting a "certificate is invalid" message.
I do not want to have to purchase a third party certificate, if at all possible.
Question by:villartech
    LVL 26

    Expert Comment

    Did you try to add certificate to Vista machine using Run --> Type: MMC --> Add/Remove snapin --> Add --> Certificate

    LVL 31

    Expert Comment

    Save the certificate to file - you can export it from IIS or from one of your xp boxes in Certificates MMC and open trusted root certificate store, or personal store depending where it got put.  Open up the cert - details tab - copy to file button - follow the wizard to save to file.

    You can either deploy via GPO as a trusted root certifcate or you can copy it to the vista box and import it - assign manually - checkmark 'show physical stores' then select trusted root certification authorities store.

    Author Comment

    I have tried both recomendations - neither worked.
    When I import the certificate into the trusted root certification authority store using the import wizard, it indicates that it was successfull.
    I do not see the certificate listed, after the import though.
    FYI - When I view the certificate after I get the error, it says "This certificate cannot be verified up to a trusted certification authority.
    I have tried turning on SSL on the SBS 2003 server and I have tried importing the certificate in both the .cer and .pfx formats.
    LVL 31

    Accepted Solution

    Check the certificate on the server - details tab - verify that the issuer name is not that server, but the CA server instead.

    If you have multiple CAs (e.g. a root and subordinate) you need to have at least the root installed, preferably both CA certs.  The root cert should be in your trusted root certification authority store.  Checkmark the 'show physical stores'
    when manually selecting the store to have available for all users.

    PFX should only be on the server that the cert is issued to as it contains the private key.  The .cer that needs to be imported is only the CA server cert files, not the website cert - the website's .cer only needs to be available on the server.

    Author Comment

    Thanks for your assitance

    Featured Post

    PRTG Network Monitor: Intuitive Network Monitoring

    Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

    Join & Write a Comment

    Every server (virtual or physical) needs a console: and the console can be provided through hardware directly connected, software for remote connections, local connections, through a KVM, etc. This document explains the different types of consol…
    Data center, now-a-days, is referred as the home of all the advanced technologies. In-fact, most of the businesses are now establishing their entire organizational structure around the IT capabilities.
    To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…
    This video discusses moving either the default database or any database to a new volume.

    732 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    22 Experts available now in Live!

    Get 1:1 Help Now