Solved

Exchange 2010 SSL Certificate Issue?

Posted on 2013-02-05
9
284 Views
Last Modified: 2013-02-15
Sir,

WE installed exchange 2010 server and external owa url is worked  but we type the full owa url as per the https://mail.lexgyan.com/owa .

It shows the IE certificate error bar.But that certificate when we installed in IE in the trusted root cert Auth, that certificate is showing installed in IE but when we search in IE that certificate is not finding.

when we export from the other browser and installed in IE. It show Red bar in IE browser

Because of this certificate we can't installed the outlook account on desktops.
Here we attached the file for the reference.

1)we need the certificate is valid and how to validate for external users to configure their outlook accounts.

Suggest for above issue.
outlook-error.jpg
cert.jpg
0
Comment
Question by:techgyan
  • 3
  • 3
  • 2
  • +1
9 Comments
 
LVL 7

Expert Comment

by:SvenIA
ID: 38858344
I don't think that the Outlook connection error is caused by the certificate. Correct me if i'm wrong please. Maybe this helps?

http://support.microsoft.com/kb/2264398

For owa do you have the correct URL added to the certificate?
0
 
LVL 5

Expert Comment

by:9l1ves
ID: 38858403
Another possible could be that you have RPC encryption enabled on exchange 2010 which by default is not used in outlook 2003.

http://support.microsoft.com/kb/2006508

Another thing to consider is your outlook 2003 clients need to be at least at SP3 to work with Exchange 2010.

Alot of issues still exist with Outlook 2003 clients and exchange 2010 unless you upgrade Exchange 2010 to At least SP1.

To sort out the certificate
Is this a certificate issued by a domain joined CA?
If it is domain joined are these clients in the same domain?
If the CA and machines are in the same Domain this certificate should be explicitly trusted already. If its not then this indicates a bigger domain issue, such as group policy not applying. (From the looks of it this is the case). If you just want to resolve the CA issue then
1) Download the CA chain from the CA.
2) Open an MMC
3) file -> add/remove snapin
4) Certificates
5) Computer Account
6) Local Computer
7) Finish
8) oK
9) Expand Certificates(Local Computer)
10) Right click Trusted Root Certification Authorities
11) Select Import and choose the Chain you downloaded earlier

If the CA is however not in the same domain then you need to follow the above steps.
0
 
LVL 18

Expert Comment

by:Sushil Sonawane
ID: 38858501
Purchase certificate or SAN certifcate from the third party vendor like go daddy, digicert.com.

To  validate for external users to configure their outlook accounts.
0
 

Author Comment

by:techgyan
ID: 38870927
Sir,

Thanks for the above suggested solutions.
We did the GP Policy and we also run the EMS commands on server and enable and RPC commands.

But We configure the outlook 2007 profile but currently we are facing the outlook folders download error.

1)How to remove RED mark from my ssl certificate?
2)How to download my mails folder in outlook 2007 client?

Here we attached the images files.
attachment--1-.jpg
attachment.jpg
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 18

Expert Comment

by:Sushil Sonawane
ID: 38872209
This certificate issue by your own CA and it is not recognize by world wide so it show red mark. If you want to keep it this certificate with red mark just install this certificate in certificate on your local computers.

OR

Try the third party (like go daddy, digicert.com.) certificate to remove red mark from your ssl certificate.
0
 
LVL 5

Expert Comment

by:9l1ves
ID: 38872916
As stated in my previous comment

To sort out the certificate
If you just want to resolve the CA issue then
1) Download the CA chain from the CA.
2) Open an MMC
3) file -> add/remove snapin
4) Certificates
5) Computer Account
6) Local Computer
7) Finish
8) oK
9) Expand Certificates(Local Computer)
10) Right click Trusted Root Certification Authorities
11) Select Import and choose the Chain you downloaded earlier

The error with downloading mail indicates that it could not connect to exchange. This can be due to a number of reasons. Connectivity, incorrect details, incorrect publishing, etc.
0
 

Author Comment

by:techgyan
ID: 38879857
Sir,

As per the above suggested solutions we used but still my outlook issue is not resolved it showing error in outlook 2010.

Here we attached  file suggest for the same.
outlook-error-lexgyan.jpg
0
 
LVL 5

Accepted Solution

by:
9l1ves earned 500 total points
ID: 38879955
For every place you getting the certificate error you need to import the full chain to the trusted root store on your computer Certificate location. Can you take a screenshot of what the certificate has in its certification path? As it looks like the certificate chain wasn't imported correctly
0
 

Author Closing Comment

by:techgyan
ID: 38896006
Thanks for the support.
0

Featured Post

Promote certifications in your email signature

Has your company recently won an award or achieved a certification? They'll no doubt want to show it off. Email signature images used to promote certifications & awards can instantly establish credibility with a recipient and provide you with numerous benefits.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Marketers need statistics and metrics like everybody else needs oxygen. In this article we explain how to enable marketing campaign statistics for Microsoft Exchange mail.
This process describes the steps required to Import and Export data from and to .pst files using Exchange 2010. We can use these steps to export data from a user to a .pst file, import data back to the same or a different user, or even import data t…
In this video we show how to create a Contact in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Contact ta…
In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…

919 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now