Exchange/Outlook 2010 Security Alert - Certificates
Exchange 2010 SP2 server
Windows Server 2008 R2 SP1
Outlook 2010
Hey guys and girls,
I just started seeing a certificate pop-up when users open up Outlook 2010.
Also looking thru the Event Logs I found hundreds of the following event;
Event ID:
Schannel 36885 When asking for client authentication, this server sends a list of trusted certificate authorities to the client. The client uses this list to choose a client certificate that is trusted by the server. Currently, this server trusts so many certificate authorities that the list has grown too long. This list has thus been truncated. The administrator of this machine should review the certificate authorities trusted for client authentication and remove those that do not really need to be trusted.
Some of the googling Ive done points to a fix possibly being removing some of the 360 Certs that are listed in the 'Trusted Root Certification Authorities' MMC... but Im not sure thats the fix, also, how would I know what is used and what isnt?
Any ideas? Thanks in advance.
Windows Server 2008 R2 SP1
Outlook 2010
Hey guys and girls,
I just started seeing a certificate pop-up when users open up Outlook 2010.
Security Alert
Servername.domain.com
Information you exchange with this site cannot be viewed or changed by others. However, there is a problem with the site's security certificate.
X The application experienced an internal error loading the SSL libraries.
The site should not be trusted.
Servername.domain.com
Information you exchange with this site cannot be viewed or changed by others. However, there is a problem with the site's security certificate.
X The application experienced an internal error loading the SSL libraries.
The site should not be trusted.
Also looking thru the Event Logs I found hundreds of the following event;
Event ID:
Schannel 36885 When asking for client authentication, this server sends a list of trusted certificate authorities to the client. The client uses this list to choose a client certificate that is trusted by the server. Currently, this server trusts so many certificate authorities that the list has grown too long. This list has thus been truncated. The administrator of this machine should review the certificate authorities trusted for client authentication and remove those that do not really need to be trusted.
Some of the googling Ive done points to a fix possibly being removing some of the 360 Certs that are listed in the 'Trusted Root Certification Authorities' MMC... but Im not sure thats the fix, also, how would I know what is used and what isnt?
Any ideas? Thanks in advance.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Is external TLS enabled for external connections or is it just port 25? If its just port 25 its not making outbound encrypted sessions, so just the locak certs...
ASKER