?
Solved

The security certificate has expired or is not yet valid.

Posted on 2009-04-28
11
Medium Priority
?
4,089 Views
Last Modified: 2012-05-06
We purchased a Multiple Domain SSL for this Exchange 2007 box, installed and it is working correctly. When I go to OWA, I dont get a SSL error, all is good. When any user opens Outlook we get these SSL errors. The issue I see is when viewing the certificate it says "www.domainname.org" Our Multi Domain SSL is for the following:

mail.domainname.org, remote.domainname.org, autodiscover.domainname.org login.domainname.org and exchange.domainname.org

Attached are the errors...
 
Security-Alert.jpg
View-CertPath.jpg
ViewCert.jpg
0
Comment
Question by:LeviDaily
  • 5
  • 3
  • 2
  • +1
11 Comments
 
LVL 6

Accepted Solution

by:
ikshf143 earned 168 total points
ID: 24251997
If you notice the General Tab of the certificate then you would notice that the certificate has expired on 3/24/2009 a month back, so this error is valid. You need to renew the certificate
0
 
LVL 9

Assisted Solution

by:esmith69
esmith69 earned 334 total points
ID: 24252003
Sounds like the autodiscover service is not using the correct certificate.  Have you restarted IIS since applying the new certificate?
0
 
LVL 2

Author Comment

by:LeviDaily
ID: 24252054
Problem is, this isnt the Godaddy cert that was purchased. We didnt purchase a SSL with www.domainname.org. I have restarted IIS. Not sure where the Autodiscover service is set to use the correct certificate.
0
Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

 
LVL 9

Assisted Solution

by:esmith69
esmith69 earned 334 total points
ID: 24252076
Did you run the Enable-ExchangeCertificate command in powershell to install the purchased certificate for the IIS service?  Or did you use some other procedure?
0
 
LVL 2

Author Comment

by:LeviDaily
ID: 24252289
Did run the command in powershell. I wasnt the actual one that did it, is there a way I can check that? Or can you tell me the command?
0
 
LVL 40

Assisted Solution

by:Philip Elder
Philip Elder earned 498 total points
ID: 24252296
SBS 2008 or SBS 2003?

The certificates are handled differently. You can, however, verify that the correct certificate is installed on both by binding the Certificates Snap-In in a new MMC. Check the Personal store to make sure that the certificates are in place.

Also, it is possible that the root CA for the certificate had an expired certificate.

You may need to use the Certificate Wizard on SBS 2008, or the proper IIS 6 method for SBS 2003, to generate a new CSR and get a new copy of the cert. Make sure the cert says Private Key attached in it when viewing it in the Certificates snap-in.

Philip
0
 
LVL 2

Author Comment

by:LeviDaily
ID: 24252309
SBS 2008....Can you explain further?
0
 
LVL 40

Assisted Solution

by:Philip Elder
Philip Elder earned 498 total points
ID: 24252385
Start a new MMC session (Start --> MMC) and add the Certificates snap-in.
Navigate to the Personal Store to verify that the correct certificate is installed.

If it is not, then generate a new CSR by running the Certificate Wizard from the SBS Console (Network --> Connectivity --> Add a trusted certificate). Paste the CSR into your provider's CSR and they will generate a new certificate. Rerun the wizard to import the new certificate when it arrives via e-mail or you downloaded it.

Did you use the wizard to set the third party certificate in place?

Here is a good instruction set:
http://blogs.technet.com/sbs/archive/2009/02/11/sean-daniel-how-to-install-a-godaddy-certificate-on-sbs-2008.aspx

Philip
0
 
LVL 2

Author Comment

by:LeviDaily
ID: 24252491
I navigated to the personal store and it is the ONLY certificate in the store. The details on that certificate are valid from 4/3/2009 - 4/3/2010.
0
 
LVL 40

Assisted Solution

by:Philip Elder
Philip Elder earned 498 total points
ID: 24252748
Then follow the instructions from within the certificate wizard on how to work with an existing certificate. You already have the cert in the Personal Store. Make sure it says it has the private key on it (will be under the Valid From To part).

If it does not have the private key, then the import process did not work properly. Follow Sean's post to generate a new CSR and install it.

Philip
0
 
LVL 2

Author Closing Comment

by:LeviDaily
ID: 31575523
Not sure it works.
0

Featured Post

Prepare for your VMware VCP6-DCV exam.

Josh Coen and Jason Langer have prepared the latest edition of VCP study guide. Both authors have been working in the IT field for more than a decade, and both hold VMware certifications. This 163-page guide covers all 10 of the exam blueprint sections.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The main intent of this article is to make you aware of ‘Exchange fail to mount’ error, its effects, causes, and solution.
This article will help to fix the below errors for MS Exchange Server 2016 I. Certificate error "name on the security certificate is invalid or does not match the name of the site" II. Out of Office not working III. Make Internal URLs and Externa…
This video demonstrates how to sync Microsoft Exchange Public Folders with smartphones using CodeTwo Exchange Sync and Exchange ActiveSync. To learn more about CodeTwo Exchange Sync and download the free trial, go to: http://www.codetwo.com/excha…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…
Suggested Courses
Course of the Month17 days, 13 hours left to enroll

831 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question