Solved

Exchange 2010 SSL Certificate Issue?

Posted on 2013-02-05
9
283 Views
Last Modified: 2013-02-15
Sir,

WE installed exchange 2010 server and external owa url is worked  but we type the full owa url as per the https://mail.lexgyan.com/owa .

It shows the IE certificate error bar.But that certificate when we installed in IE in the trusted root cert Auth, that certificate is showing installed in IE but when we search in IE that certificate is not finding.

when we export from the other browser and installed in IE. It show Red bar in IE browser

Because of this certificate we can't installed the outlook account on desktops.
Here we attached the file for the reference.

1)we need the certificate is valid and how to validate for external users to configure their outlook accounts.

Suggest for above issue.
outlook-error.jpg
cert.jpg
0
Comment
Question by:techgyan
  • 3
  • 3
  • 2
  • +1
9 Comments
 
LVL 7

Expert Comment

by:SvenIA
ID: 38858344
I don't think that the Outlook connection error is caused by the certificate. Correct me if i'm wrong please. Maybe this helps?

http://support.microsoft.com/kb/2264398

For owa do you have the correct URL added to the certificate?
0
 
LVL 5

Expert Comment

by:9l1ves
ID: 38858403
Another possible could be that you have RPC encryption enabled on exchange 2010 which by default is not used in outlook 2003.

http://support.microsoft.com/kb/2006508

Another thing to consider is your outlook 2003 clients need to be at least at SP3 to work with Exchange 2010.

Alot of issues still exist with Outlook 2003 clients and exchange 2010 unless you upgrade Exchange 2010 to At least SP1.

To sort out the certificate
Is this a certificate issued by a domain joined CA?
If it is domain joined are these clients in the same domain?
If the CA and machines are in the same Domain this certificate should be explicitly trusted already. If its not then this indicates a bigger domain issue, such as group policy not applying. (From the looks of it this is the case). If you just want to resolve the CA issue then
1) Download the CA chain from the CA.
2) Open an MMC
3) file -> add/remove snapin
4) Certificates
5) Computer Account
6) Local Computer
7) Finish
8) oK
9) Expand Certificates(Local Computer)
10) Right click Trusted Root Certification Authorities
11) Select Import and choose the Chain you downloaded earlier

If the CA is however not in the same domain then you need to follow the above steps.
0
 
LVL 18

Expert Comment

by:Sushil Sonawane
ID: 38858501
Purchase certificate or SAN certifcate from the third party vendor like go daddy, digicert.com.

To  validate for external users to configure their outlook accounts.
0
 

Author Comment

by:techgyan
ID: 38870927
Sir,

Thanks for the above suggested solutions.
We did the GP Policy and we also run the EMS commands on server and enable and RPC commands.

But We configure the outlook 2007 profile but currently we are facing the outlook folders download error.

1)How to remove RED mark from my ssl certificate?
2)How to download my mails folder in outlook 2007 client?

Here we attached the images files.
attachment--1-.jpg
attachment.jpg
0
Are end users causing IT problems again?

You’ve taken the time to design and update all your end user’s email signatures, only to find out they’re messing up the HTML, changing the font and ruining the imagery. What can you do to prevent this? Find out how you can save your signatures from end users today.

 
LVL 18

Expert Comment

by:Sushil Sonawane
ID: 38872209
This certificate issue by your own CA and it is not recognize by world wide so it show red mark. If you want to keep it this certificate with red mark just install this certificate in certificate on your local computers.

OR

Try the third party (like go daddy, digicert.com.) certificate to remove red mark from your ssl certificate.
0
 
LVL 5

Expert Comment

by:9l1ves
ID: 38872916
As stated in my previous comment

To sort out the certificate
If you just want to resolve the CA issue then
1) Download the CA chain from the CA.
2) Open an MMC
3) file -> add/remove snapin
4) Certificates
5) Computer Account
6) Local Computer
7) Finish
8) oK
9) Expand Certificates(Local Computer)
10) Right click Trusted Root Certification Authorities
11) Select Import and choose the Chain you downloaded earlier

The error with downloading mail indicates that it could not connect to exchange. This can be due to a number of reasons. Connectivity, incorrect details, incorrect publishing, etc.
0
 

Author Comment

by:techgyan
ID: 38879857
Sir,

As per the above suggested solutions we used but still my outlook issue is not resolved it showing error in outlook 2010.

Here we attached  file suggest for the same.
outlook-error-lexgyan.jpg
0
 
LVL 5

Accepted Solution

by:
9l1ves earned 500 total points
ID: 38879955
For every place you getting the certificate error you need to import the full chain to the trusted root store on your computer Certificate location. Can you take a screenshot of what the certificate has in its certification path? As it looks like the certificate chain wasn't imported correctly
0
 

Author Closing Comment

by:techgyan
ID: 38896006
Thanks for the support.
0

Featured Post

The problems with reply email signatures

Do you wish that you could place an email signature under a reply? Well, unfortunately, you can't. That great Exchange/Office 365 signature you've created will just appear at the bottom of an email chain. What a pain! Is there really no way to solve this? Well, there might be...

Join & Write a Comment

Disabling the Directory Sync Service Account in Office 365 will stop directory synchronization from working.
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
In this video we show how to create a User Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Mailb…
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now