Solved

Exchange 2010 SSL Certificate Issue?

Posted on 2013-02-05
9
288 Views
Last Modified: 2013-02-15
Sir,

WE installed exchange 2010 server and external owa url is worked  but we type the full owa url as per the https://mail.lexgyan.com/owa .

It shows the IE certificate error bar.But that certificate when we installed in IE in the trusted root cert Auth, that certificate is showing installed in IE but when we search in IE that certificate is not finding.

when we export from the other browser and installed in IE. It show Red bar in IE browser

Because of this certificate we can't installed the outlook account on desktops.
Here we attached the file for the reference.

1)we need the certificate is valid and how to validate for external users to configure their outlook accounts.

Suggest for above issue.
outlook-error.jpg
cert.jpg
0
Comment
Question by:techgyan
  • 3
  • 3
  • 2
  • +1
9 Comments
 
LVL 7

Expert Comment

by:SvenIA
ID: 38858344
I don't think that the Outlook connection error is caused by the certificate. Correct me if i'm wrong please. Maybe this helps?

http://support.microsoft.com/kb/2264398

For owa do you have the correct URL added to the certificate?
0
 
LVL 5

Expert Comment

by:9l1ves
ID: 38858403
Another possible could be that you have RPC encryption enabled on exchange 2010 which by default is not used in outlook 2003.

http://support.microsoft.com/kb/2006508

Another thing to consider is your outlook 2003 clients need to be at least at SP3 to work with Exchange 2010.

Alot of issues still exist with Outlook 2003 clients and exchange 2010 unless you upgrade Exchange 2010 to At least SP1.

To sort out the certificate
Is this a certificate issued by a domain joined CA?
If it is domain joined are these clients in the same domain?
If the CA and machines are in the same Domain this certificate should be explicitly trusted already. If its not then this indicates a bigger domain issue, such as group policy not applying. (From the looks of it this is the case). If you just want to resolve the CA issue then
1) Download the CA chain from the CA.
2) Open an MMC
3) file -> add/remove snapin
4) Certificates
5) Computer Account
6) Local Computer
7) Finish
8) oK
9) Expand Certificates(Local Computer)
10) Right click Trusted Root Certification Authorities
11) Select Import and choose the Chain you downloaded earlier

If the CA is however not in the same domain then you need to follow the above steps.
0
 
LVL 18

Expert Comment

by:Sushil Sonawane
ID: 38858501
Purchase certificate or SAN certifcate from the third party vendor like go daddy, digicert.com.

To  validate for external users to configure their outlook accounts.
0
NAS Cloud Backup Strategies

This article explains backup scenarios when using network storage. We review the so-called “3-2-1 strategy” and summarize the methods you can use to send NAS data to the cloud

 

Author Comment

by:techgyan
ID: 38870927
Sir,

Thanks for the above suggested solutions.
We did the GP Policy and we also run the EMS commands on server and enable and RPC commands.

But We configure the outlook 2007 profile but currently we are facing the outlook folders download error.

1)How to remove RED mark from my ssl certificate?
2)How to download my mails folder in outlook 2007 client?

Here we attached the images files.
attachment--1-.jpg
attachment.jpg
0
 
LVL 18

Expert Comment

by:Sushil Sonawane
ID: 38872209
This certificate issue by your own CA and it is not recognize by world wide so it show red mark. If you want to keep it this certificate with red mark just install this certificate in certificate on your local computers.

OR

Try the third party (like go daddy, digicert.com.) certificate to remove red mark from your ssl certificate.
0
 
LVL 5

Expert Comment

by:9l1ves
ID: 38872916
As stated in my previous comment

To sort out the certificate
If you just want to resolve the CA issue then
1) Download the CA chain from the CA.
2) Open an MMC
3) file -> add/remove snapin
4) Certificates
5) Computer Account
6) Local Computer
7) Finish
8) oK
9) Expand Certificates(Local Computer)
10) Right click Trusted Root Certification Authorities
11) Select Import and choose the Chain you downloaded earlier

The error with downloading mail indicates that it could not connect to exchange. This can be due to a number of reasons. Connectivity, incorrect details, incorrect publishing, etc.
0
 

Author Comment

by:techgyan
ID: 38879857
Sir,

As per the above suggested solutions we used but still my outlook issue is not resolved it showing error in outlook 2010.

Here we attached  file suggest for the same.
outlook-error-lexgyan.jpg
0
 
LVL 5

Accepted Solution

by:
9l1ves earned 500 total points
ID: 38879955
For every place you getting the certificate error you need to import the full chain to the trusted root store on your computer Certificate location. Can you take a screenshot of what the certificate has in its certification path? As it looks like the certificate chain wasn't imported correctly
0
 

Author Closing Comment

by:techgyan
ID: 38896006
Thanks for the support.
0

Featured Post

Active Directory Webinar

We all know we need to protect and secure our privileges, but where to start? Join Experts Exchange and ManageEngine on Tuesday, April 11, 2017 10:00 AM PDT to learn how to track and secure privileged users in Active Directory.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Scam emails are a huge burden for many businesses. Spotting one is not always easy. Follow our tips to identify if an email you receive is a scam.
Read this checklist to learn more about the 15 things you should never include in an email signature.
In this video we show how to create a Contact in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Contact ta…
In this video we show how to create an Address List in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Organization >> Ad…

820 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question