techgyan
asked on
Exchange 2010 SSL Certificate Issue?
Sir,
WE installed exchange 2010 server and external owa url is worked but we type the full owa url as per the https://mail.lexgyan.com/owa .
It shows the IE certificate error bar.But that certificate when we installed in IE in the trusted root cert Auth, that certificate is showing installed in IE but when we search in IE that certificate is not finding.
when we export from the other browser and installed in IE. It show Red bar in IE browser
Because of this certificate we can't installed the outlook account on desktops.
Here we attached the file for the reference.
1)we need the certificate is valid and how to validate for external users to configure their outlook accounts.
Suggest for above issue.
outlook-error.jpg
cert.jpg
WE installed exchange 2010 server and external owa url is worked but we type the full owa url as per the https://mail.lexgyan.com/owa .
It shows the IE certificate error bar.But that certificate when we installed in IE in the trusted root cert Auth, that certificate is showing installed in IE but when we search in IE that certificate is not finding.
when we export from the other browser and installed in IE. It show Red bar in IE browser
Because of this certificate we can't installed the outlook account on desktops.
Here we attached the file for the reference.
1)we need the certificate is valid and how to validate for external users to configure their outlook accounts.
Suggest for above issue.
outlook-error.jpg
cert.jpg
Another possible could be that you have RPC encryption enabled on exchange 2010 which by default is not used in outlook 2003.
http://support.microsoft.com/kb/2006508
Another thing to consider is your outlook 2003 clients need to be at least at SP3 to work with Exchange 2010.
Alot of issues still exist with Outlook 2003 clients and exchange 2010 unless you upgrade Exchange 2010 to At least SP1.
To sort out the certificate
Is this a certificate issued by a domain joined CA?
If it is domain joined are these clients in the same domain?
If the CA and machines are in the same Domain this certificate should be explicitly trusted already. If its not then this indicates a bigger domain issue, such as group policy not applying. (From the looks of it this is the case). If you just want to resolve the CA issue then
1) Download the CA chain from the CA.
2) Open an MMC
3) file -> add/remove snapin
4) Certificates
5) Computer Account
6) Local Computer
7) Finish
8) oK
9) Expand Certificates(Local Computer)
10) Right click Trusted Root Certification Authorities
11) Select Import and choose the Chain you downloaded earlier
If the CA is however not in the same domain then you need to follow the above steps.
http://support.microsoft.com/kb/2006508
Another thing to consider is your outlook 2003 clients need to be at least at SP3 to work with Exchange 2010.
Alot of issues still exist with Outlook 2003 clients and exchange 2010 unless you upgrade Exchange 2010 to At least SP1.
To sort out the certificate
Is this a certificate issued by a domain joined CA?
If it is domain joined are these clients in the same domain?
If the CA and machines are in the same Domain this certificate should be explicitly trusted already. If its not then this indicates a bigger domain issue, such as group policy not applying. (From the looks of it this is the case). If you just want to resolve the CA issue then
1) Download the CA chain from the CA.
2) Open an MMC
3) file -> add/remove snapin
4) Certificates
5) Computer Account
6) Local Computer
7) Finish
8) oK
9) Expand Certificates(Local Computer)
10) Right click Trusted Root Certification Authorities
11) Select Import and choose the Chain you downloaded earlier
If the CA is however not in the same domain then you need to follow the above steps.
Purchase certificate or SAN certifcate from the third party vendor like go daddy, digicert.com.
To validate for external users to configure their outlook accounts.
To validate for external users to configure their outlook accounts.
ASKER
Sir,
Thanks for the above suggested solutions.
We did the GP Policy and we also run the EMS commands on server and enable and RPC commands.
But We configure the outlook 2007 profile but currently we are facing the outlook folders download error.
1)How to remove RED mark from my ssl certificate?
2)How to download my mails folder in outlook 2007 client?
Here we attached the images files.
attachment--1-.jpg
attachment.jpg
Thanks for the above suggested solutions.
We did the GP Policy and we also run the EMS commands on server and enable and RPC commands.
But We configure the outlook 2007 profile but currently we are facing the outlook folders download error.
1)How to remove RED mark from my ssl certificate?
2)How to download my mails folder in outlook 2007 client?
Here we attached the images files.
attachment--1-.jpg
attachment.jpg
This certificate issue by your own CA and it is not recognize by world wide so it show red mark. If you want to keep it this certificate with red mark just install this certificate in certificate on your local computers.
OR
Try the third party (like go daddy, digicert.com.) certificate to remove red mark from your ssl certificate.
OR
Try the third party (like go daddy, digicert.com.) certificate to remove red mark from your ssl certificate.
As stated in my previous comment
The error with downloading mail indicates that it could not connect to exchange. This can be due to a number of reasons. Connectivity, incorrect details, incorrect publishing, etc.
To sort out the certificate
If you just want to resolve the CA issue then
1) Download the CA chain from the CA.
2) Open an MMC
3) file -> add/remove snapin
4) Certificates
5) Computer Account
6) Local Computer
7) Finish
8) oK
9) Expand Certificates(Local Computer)
10) Right click Trusted Root Certification Authorities
11) Select Import and choose the Chain you downloaded earlier
The error with downloading mail indicates that it could not connect to exchange. This can be due to a number of reasons. Connectivity, incorrect details, incorrect publishing, etc.
ASKER
Sir,
As per the above suggested solutions we used but still my outlook issue is not resolved it showing error in outlook 2010.
Here we attached file suggest for the same.
outlook-error-lexgyan.jpg
As per the above suggested solutions we used but still my outlook issue is not resolved it showing error in outlook 2010.
Here we attached file suggest for the same.
outlook-error-lexgyan.jpg
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks for the support.
http://support.microsoft.com/kb/2264398
For owa do you have the correct URL added to the certificate?