newly installed computers can't trust the certificate of exchange server

Dear All,

i have a public certificate from entrust and it works perfectly from out side the company but from the inside i configured the owa to be windows integrated and basic authintication and all the others like it but i am recieving a certificate ,this only happened with my local servers names.

i opened mmc- certificates - computer

and i found it unable to trust the entrust

i tried to trace the server and i didn't find any backet going to the internet

how can i know what to tell the network team to allow for the entrust to work
ALAA_ELMAHDYAsked:
Who is Participating?

Improve company productivity with a Business Account.Sign Up

x
 
craig_j_LawrenceConnect With a Mentor Commented:
you can use group policy to distribute the root certificate to all your workstations, look at this technet article for details
0
 
craig_j_LawrenceCommented:
Hi,

Did you add the local server names to the Subject Alternate Name (SAN) list when the certificate was created?

for a client computer to "accept" a certificate, the host name you are entering in the browser must match one of the names associated with the certificate.

0
 
MegaNuk3Commented:
As Craig says you either need to change the cert subject

OR

Add an internal DNS entry for whatever name is on your cert to resolve to the internal IP address of your web server.
0
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

 
ALAA_ELMAHDYAuthor Commented:
both of them are existing

the names are very well in the certificate it self (SAN one)

and it was working perfectly and still working on the server zone but i don't know what happened.

this message disappears when i trust the entrust certificate chain so i think it's a matter of the clients can't check the issuer of the certificate but i don't know what to do then.

the certificate is working from the internet perfectly and the servers that appear on the message are the client access servers.
0
 
ALAA_ELMAHDYAuthor Commented:
and there is a dns record for what ever names in the certificate.
0
 
MegaNuk3Commented:
Can you post the cert error message? Modify the domain name in MSPaint if you want.
0
 
MegaNuk3Commented:
Also, where are you receiving the cert warning? Outlook or OWA on these new machines?
0
 
ALAA_ELMAHDYAuthor Commented:
I am recieving this message on the new Pc's

i had called microsoft support and they transfer the issue from exchange to windows team we reached that the windows is able to download the entrust certificate from the windows update site but not able to inject it to the local pc's certificates.
0
 
MegaNuk3Commented:
So you are going to have to install the cert manually then? Surely Entrust will have something to say about this? Have you tried installing IE 9 or the latest Root Certificate update from Windows Update?
0
 
ALAA_ELMAHDYAuthor Commented:
how can i install the latest Root Certificate update from Windows Update
0
 
MegaNuk3Commented:
IE --> tools --> safety --> windows update
It should be listed as one of the optional updates
0
 
ALAA_ELMAHDYAuthor Commented:
THIS IS WINDOWS 7 AND it's fully updated
0
 
MegaNuk3Commented:
Have you spoken to your cert provider to see if they have any solution? You may need a new intermediate cert from them to resolve this.
0
 
ALAA_ELMAHDYAuthor Commented:
i have downloaded the certificate from windows update and checked for the update and discovered that the last update is 2009 means nothing new and also when i installed the certificate it works like sharm.
0
 
ALAA_ELMAHDYAuthor Commented:
but i want to get it working on all pc's
0
 
ALAA_ELMAHDYAuthor Commented:
sorry for not closing the Question due to limited connectivity.

Finally microsoft announced that there was there an error in the windows update package which the windows 7 uses to update the trusted CA's list.

and this was fixed and republished by the windows Update team.

thanks
Alaa Elahdy
0
 
Glen KnightCommented:
This question has been classified as abandoned and is being closed as part of the Cleanup Program. See my comment at the end of the question for more details.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.