Outlook pulling incorrect SSL certificate from Exchange 2010 SP 2 server

Posted on 2013-06-17
1 Endorsement
Last Modified: 2013-06-19
I have a 3 year old Exchange 2010 server that is fully patched.

I replaced an expiring SSL cert with a new one.  The new one is valid from 6/17/13 to 6/27/15 with the subject of  However, when I open up Outlook, it pulls up an expired certificate that is for  What's odd is that I don't have that invalid certificate anywhere, and it's not something I created as far as I can tell.  I've deleted all other certificates on the server and left only the new valid certificate that expires in 2015.  I've restarted IIS and the mxexchangetransport services.

Screen shot 1 and 2 attached are what I get when I open Outlook and connect to my Exchange server (from outside the LAN).  That is the invalid certificate that I should not see and I want to replace with the valid certificate, but not sure where it's configured in Exchange Management Console.  

Screen shot 3 is what I see from Exchange webmail.  It shows my valid certificate.  Screen shot 4 is the list of certs you can see from Exchange Management Console.  Do you have any suggestions for where I should go to make sure that Outlook is using the right certificate?  I've gone in and assigned all services to the proper certificate (screen shot 5).

Thanks in advance.
Question by:dmessman

Assisted Solution

gkousikan earned 100 total points
ID: 39255261 Get-ExchangeCertificate |fl cmdlet to verify if the certificate was assigned to services.
   SAN(Subject Alternative Name) of the certificate includes autodiscover.

2.Any other device issuing the old certificate. Like proxy server/loadbalancer device.
LVL 18

Expert Comment

ID: 39255262
It seem that your Outlook Anywhere used old certificate.

Could you try this link to Outlook Anywhere:
LVL 63

Accepted Solution

Simon Butler (Sembee) earned 400 total points
ID: 39255462
This sounds like Autodiscover issues.
If you browse to then you should get an SSL prompt of some description. That will allow you to see the SSL certificate and possibly where it is coming from.
You should also check where the host name resolves to.

If it is happening from outside the network then it will be Autodiscover and it will be because there is an SSL certificate on the public web site. Autodiscover queries a number of URLs, one of which is the root of the domain.

This is further complicated by some hosting control panels having Autodiscover support for their own purposes, to the URL that Outlook is querying is actually valid. If that is the case then you will need to speak to your hosting company to get them to block it.

You can see what Autodiscover is doing via the Microsoft test site at the link above, or through Outlook itself.


Author Comment

ID: 39255847
you are all totally right - it is autodiscover, and it is not my certificate that is the problem.

If I go to - it shows me the invalid certificate that expired on 4/27/13 that I am having the truoble with and DOES respond with a 404 error.  The page doesn't exist, but the web site is responding with a 404 error.  

I'll have to figure this out with my web host.

Thanks for your help

Author Closing Comment

ID: 39260975 did not exist on my web host, but the SSL certificate that was being used by the web host was out of date.  If the certificate was in date, this would have been a non-issue as the autodiscover process would have realized the web server wasn't giving a proper response, but when the certificate became out of date, this generated an error so that the autodiscover process could not move on.

I had our web server people disable port 443 on the web server since we don't use SSL on our web site anyway.

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This process describes the steps required to Import and Export data from and to .pst files using Exchange 2010. We can use these steps to export data from a user to a .pst file, import data back to the same or a different user, or even import data t…
MS Outlook is a world-class email client application that is mainly used for e-communication globally.  In this article, we will discuss the basic idea about MS Outlook, its advanced features, and types of MS Outlook File formats.
In this video we show how to create a Contact in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Contact ta…
This video demonstrates how to sync Microsoft Exchange Public Folders with smartphones using CodeTwo Exchange Sync and Exchange ActiveSync. To learn more about CodeTwo Exchange Sync and download the free trial, go to:…

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question