• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 4123
  • Last Modified:

The security certificate has expired or is not yet valid.

We purchased a Multiple Domain SSL for this Exchange 2007 box, installed and it is working correctly. When I go to OWA, I dont get a SSL error, all is good. When any user opens Outlook we get these SSL errors. The issue I see is when viewing the certificate it says "www.domainname.org" Our Multi Domain SSL is for the following:

mail.domainname.org, remote.domainname.org, autodiscover.domainname.org login.domainname.org and exchange.domainname.org

Attached are the errors...
 
Security-Alert.jpg
View-CertPath.jpg
ViewCert.jpg
0
LeviDaily
Asked:
LeviDaily
  • 5
  • 3
  • 2
  • +1
6 Solutions
 
ikshf143Commented:
If you notice the General Tab of the certificate then you would notice that the certificate has expired on 3/24/2009 a month back, so this error is valid. You need to renew the certificate
0
 
esmith69Commented:
Sounds like the autodiscover service is not using the correct certificate.  Have you restarted IIS since applying the new certificate?
0
 
LeviDailyAuthor Commented:
Problem is, this isnt the Godaddy cert that was purchased. We didnt purchase a SSL with www.domainname.org. I have restarted IIS. Not sure where the Autodiscover service is set to use the correct certificate.
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell┬« is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

 
esmith69Commented:
Did you run the Enable-ExchangeCertificate command in powershell to install the purchased certificate for the IIS service?  Or did you use some other procedure?
0
 
LeviDailyAuthor Commented:
Did run the command in powershell. I wasnt the actual one that did it, is there a way I can check that? Or can you tell me the command?
0
 
Philip ElderTechnical Architect - HA/Compute/StorageCommented:
SBS 2008 or SBS 2003?

The certificates are handled differently. You can, however, verify that the correct certificate is installed on both by binding the Certificates Snap-In in a new MMC. Check the Personal store to make sure that the certificates are in place.

Also, it is possible that the root CA for the certificate had an expired certificate.

You may need to use the Certificate Wizard on SBS 2008, or the proper IIS 6 method for SBS 2003, to generate a new CSR and get a new copy of the cert. Make sure the cert says Private Key attached in it when viewing it in the Certificates snap-in.

Philip
0
 
LeviDailyAuthor Commented:
SBS 2008....Can you explain further?
0
 
Philip ElderTechnical Architect - HA/Compute/StorageCommented:
Start a new MMC session (Start --> MMC) and add the Certificates snap-in.
Navigate to the Personal Store to verify that the correct certificate is installed.

If it is not, then generate a new CSR by running the Certificate Wizard from the SBS Console (Network --> Connectivity --> Add a trusted certificate). Paste the CSR into your provider's CSR and they will generate a new certificate. Rerun the wizard to import the new certificate when it arrives via e-mail or you downloaded it.

Did you use the wizard to set the third party certificate in place?

Here is a good instruction set:
http://blogs.technet.com/sbs/archive/2009/02/11/sean-daniel-how-to-install-a-godaddy-certificate-on-sbs-2008.aspx

Philip
0
 
LeviDailyAuthor Commented:
I navigated to the personal store and it is the ONLY certificate in the store. The details on that certificate are valid from 4/3/2009 - 4/3/2010.
0
 
Philip ElderTechnical Architect - HA/Compute/StorageCommented:
Then follow the instructions from within the certificate wizard on how to work with an existing certificate. You already have the cert in the Personal Store. Make sure it says it has the private key on it (will be under the Valid From To part).

If it does not have the private key, then the import process did not work properly. Follow Sean's post to generate a new CSR and install it.

Philip
0
 
LeviDailyAuthor Commented:
Not sure it works.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

  • 5
  • 3
  • 2
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now