sgs521
asked on
Server's certificate chain has expired or is not yet valid
I updated our SSL Cert for our Exchange 2003 server back in January. I believe the current certificate was due to expire yesterday (April 5th, 2009). As of this morning, I am receiving the following message on Entourage clients which have been configured with the option "This LDAP server requires a secure conection(SSL)". I do not encounter certificate errors when I connect to the Exchange server via OWA. I have verified on my exchange server that the current certificate installed for the 'Default Web Site' is valid, it expires on April 5th, 2011. Is there perhaps another location in which I missed updating the cert? Any info would be greatly appreciated. I am attaching a screen cap of the error message which Entourage is producing.
entourage-secure-error.jpg
entourage-secure-error.jpg
ASKER
The client connects as an exchange client, which in my limited understanding of how Entourage actually talks to exchange, I think is over http. There's a configuration option in the account setup that specifies the account is on exchange, then I have to enter both the exchange server and ldap server, which is the same server address. We don't have anyone who is using pop, smtp or imap directly from the email client in our environment.
Maybe you have to update the certificate on the Macs:
http://www.askdavetaylor.com/install_root_certificate_with_microsoft_entourage.html
http://blogs.technet.com/amir/archive/2008/06/12/client-certificate-based-authentication-in-entourage-2008.aspx
http://wintivity.wigital.net/uncategorized/mac-entourage-2008-rpc-http-uses-webdav-to-exchange
http://www.askdavetaylor.com/install_root_certificate_with_microsoft_entourage.html
http://blogs.technet.com/amir/archive/2008/06/12/client-certificate-based-authentication-in-entourage-2008.aspx
http://wintivity.wigital.net/uncategorized/mac-entourage-2008-rpc-http-uses-webdav-to-exchange
ASKER
Thanks strung, the first link http://www.askdavetaylor.com/install_root_certificate_with_microsoft_entourage.html seemed to fix this. Just really odd that it had been working before this when we'd never installed the cert client side. Going to do more testing across other workstations before I accept as solution, but it looks like that may be the one.
Glad to be of help
ASKER
An update, I returned to the office this morning, booted up my laptop, launched Entourage and received the error again. So it looks like perhaps installing the cert client side only temporarily fixed until reboot. I'm thinking there's still something I've missed when updating the secure cert on the exchange server. The only way to repeatedly duplicate the issue is by turning on the "this ldap server requires a secure connection" option under account settings in Entourage. Is there another location that the certificate needs to be installed within Active Directory to secure it's ldap communication?
ASKER
Also as an update, on the configuration of the exchange server, this was put in place prior to my arrival, but it was configured with AD and Exchange on the same server.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
How is this client connecting to the server? If POP/IMAP, have you made sure the new certificate is installed on those services?
Thanks.
Andrew.