Outlook pulling incorrect SSL certificate from Exchange 2010 SP 2 server

Posted on 2013-06-17
Last Modified: 2013-06-19
I have a 3 year old Exchange 2010 server that is fully patched.

I replaced an expiring SSL cert with a new one.  The new one is valid from 6/17/13 to 6/27/15 with the subject of  However, when I open up Outlook, it pulls up an expired certificate that is for  What's odd is that I don't have that invalid certificate anywhere, and it's not something I created as far as I can tell.  I've deleted all other certificates on the server and left only the new valid certificate that expires in 2015.  I've restarted IIS and the MSExchangeTransport services.

Screen shot 1 and 2 attached are what I get when I open Outlook and connect to my Exchange server (from outside the LAN).  That is the invalid certificate that I should not see and I want to replace with the valid certificate, but not sure where it's configured in Exchange Management Console.  

Screen shot 3 is what I see from Exchange webmail.  It shows my valid certificate.  Screen shot 4 is the list of certs you can see from Exchange Management Console.  Do you have any suggestions for where I should go to make sure that Outlook is using the right certificate?  I've gone in and assigned all services to the proper certificate (screen shot 5).

Thanks in advance.
Question by:dmessman
Assisted Solution

gkousikan earned 100 total points
ID: 39255261
Get-ExchangeCertificate | fl cmdlet to verify if the certificate was assigned to services.
   SAN (Subject Alternative Name) of the certificate includes autodiscover.

2. Any other device issuing the old certificate, like a proxy server/load balancer device.

Expert Comment

ID: 39255262
It seems that your Outlook Anywhere used the old certificate.

Could you try this link to Outlook Anywhere:

Accepted Solution

Simon Butler (Sembee) earned 400 total points
ID: 39255462
This sounds like Autodiscover issues.
If you browse to then you should get an SSL prompt of some description. That will allow you to see the SSL certificate and possibly where it is coming from.
You should also check where the host name resolves to.

If it is happening from outside the network then it will be Autodiscover and it will be because there is an SSL certificate on the public web site. Autodiscover queries a number of URLs, one of which is the root of the domain.

This is further complicated by some hosting control panels having Autodiscover support for their own purposes, so the URL that Outlook is querying is actually valid. If that is the case then you will need to speak to your hosting company to get them to block it.

You can see what Autodiscover is doing via the Microsoft test site at the link above, or through Outlook itself.


Author Comment

ID: 39255847
You are all totally right - it is autodiscover, and it is not my certificate that is the problem.

If I go to - it shows me the invalid certificate that expired on 4/27/13 that I am having the trouble with and DOES respond with a 404 error.  The page doesn't exist, but the web site is responding with a 404 error.

I'll have to figure this out with my web host.

Thanks for your help

Author Closing Comment

ID: 39260975
did not exist on my web host, but the SSL certificate that was being used by the web host was out of date.  If the certificate was in date, this would have been a non-issue as the autodiscover process would have realized the web server wasn't giving a proper response, but when the certificate became out of date, this generated an error so that the autodiscover process could not move on.

I had our web server people disable port 443 on the web server since we don't use SSL on our web site anyway.
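
The check the thread arrives at, as an added example that is not part of any participant's post: it connects to port 443 on the root of the mail domain and on the autodiscover host name, then reports where each name resolves and which certificate is presented, including an expired one. `example.com` is a placeholder for your own SMTP domain and `Get-PresentedCertificate` is a hypothetical helper name.

```powershell
# Added example. 'example.com' is a placeholder for the SMTP domain;
# Get-PresentedCertificate is a hypothetical helper name.
param([string]$Domain = 'example.com')

function Get-PresentedCertificate {
    param([Parameter(Mandatory = $true)][string]$HostName, [int]$Port = 443)

    $row = [ordered]@{ Host = $HostName; Address = $null; Subject = $null
                       Issuer = $null; NotAfter = $null; Expired = $null; Error = $null }
    $client = $null; $ssl = $null
    try {
        # Where does the name resolve? A web host's address here points at the public site.
        $row.Address = [System.Net.Dns]::GetHostAddresses($HostName)[0].IPAddressToString

        $client = New-Object System.Net.Sockets.TcpClient
        $client.Connect($HostName, $Port)

        # Accept whatever is presented so an expired certificate can still be read.
        # Inspection only: nothing is sent over this connection.
        $acceptAll = [System.Net.Security.RemoteCertificateValidationCallback] { $true }
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $acceptAll)
        $ssl.AuthenticateAsClient($HostName)

        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        $row.Subject  = $cert.Subject
        $row.Issuer   = $cert.Issuer
        $row.NotAfter = $cert.NotAfter
        $row.Expired  = $cert.NotAfter -lt (Get-Date)
    }
    catch {
        # Closed port, DNS failure or TLS failure: after the fix in this thread
        # (port 443 disabled on the web host) the root domain should land here.
        $row.Error = $_.Exception.GetBaseException().Message
    }
    finally {
        if ($ssl)    { $ssl.Dispose() }
        if ($client) { $client.Close() }
    }
    [pscustomobject]$row
}

# The two HTTPS host names discussed in the thread: the domain root and autodiscover.<domain>.
$Domain, "autodiscover.$Domain" |
    ForEach-Object { Get-PresentedCertificate -HostName $_ } |
    Format-Table -AutoSize
```

Run it from outside the LAN, where the problem appeared; a row with `Expired` set to `True` and an address belonging to the web host matches the situation described in the thread.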
