Solved

certificate error on outlook

Posted on 2014-10-07
13
238 Views
Last Modified: 2014-10-07
We recently upgraded to exchange 2010 from 2003.  I setup a basic SSL cert instead of a UCC.   I setup the cert to use mail.domain.com.  Externally everything is working fine and no issues with cert.  Internally on outlook 2007, 2010 and 2013 clients I am getting a "nonvalid certificate error".   I tried installing the cert as a trusted CA, but that doesn't work.

I also changed the autodiscover url to mail.domain.com from server.domain.com, but no change with the certificate error.  

Thanks.
0
Comment
Question by:tiptechs
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 9
  • 2
  • 2
13 Comments
 
LVL 16

Expert Comment

by:Rajitha Chimmani
ID: 40366302
When you get the prompt for certificate error in Outlook it would also show tick or cross mark against each of the 3 certificate validations. Can you provide the exact parameter in certificate that is invalid?
0
 

Author Comment

by:tiptechs
ID: 40366311
When viewing the certificate path there is a Red in the picture for USER TRUST, SSL site, mail.domain.com.   It says "This certificate has a nonvalid digital signature".

Thanks.
0
 

Author Comment

by:tiptechs
ID: 40366315
Under the general tab it says "The integrity of this certificate cannot be guaranteed.  The certificate may be corrupted or may have been altered."
0
Office 365 Training for Admins - 7 Day Trial

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

 
LVL 24

Expert Comment

by:VB ITS
ID: 40366325
Type this in the Exchange Management Shell and paste the result:

Get-ClientAccessServer -Identity <CAS2010> | Select AutoDiscoverServiceInternalUri

You may need to adjust this to point to server.domain.com - ensure internal DNS resolves this record to your new 2010 CAS server also.
0
 

Author Comment

by:tiptechs
ID: 40366355
this originaly pointed to server.domain.com and was getting the same error.  I thought this was the issue since the names didn't match.    I changed it to point to the mail.domain.com, but got the same error.  I do have an internal dns record for mail.domain.com pointing to the 2010 server.

the result of the command is below

AutoDiscoverServiceInternalUri
---------------------------------------------
https://mail.domain.com/Autodiscover/Autodiscover.xml
0
 
LVL 24

Accepted Solution

by:
VB ITS earned 500 total points
ID: 40366370
What happens when you click on that AutoDiscover.xml link? Does the browser throw up the same error regarding the certificate?
0
 

Author Comment

by:tiptechs
ID: 40366447
I get page can't be displayed for the internal url.     I also tried OWA internally and that didn't work.

DNS resolves to the correct IP.  I also tried the IP in the url and got page can't be displayed.   OWA and the Autodiscover url are working externally.
0
 

Author Comment

by:tiptechs
ID: 40366461
I tested owa and the xml page from the mail server and it works fine there.
0
 

Author Comment

by:tiptechs
ID: 40366472
I can pull up http://mail.domain.com from an internal pc and get the "access denied" page, but soon as you put in https it says that it can't find the web page
0
 

Author Comment

by:tiptechs
ID: 40366568
From the dc I was able to access the owa and autodiscover internally.  From 3 or 4 internal PCs I was not.
0
 

Author Comment

by:tiptechs
ID: 40366793
It looks as though, the internal issue is related older versions of IE.  On newer versions we have no problems accessing OWA or the Autodiscover url.

I tested outlook from a pc that had no issues accessing these urls and it appears to be working now.
0
 
LVL 16

Expert Comment

by:Rajitha Chimmani
ID: 40366817
So..the issue was not with certificates but the IE version on client PC?
0
 

Author Comment

by:tiptechs
ID: 40367048
On the pc I was mostly testing from, I ran quite a few windows updates and now appears to be working.  Thanks for the help Rajitha14.
0

Featured Post

Office 365 Training for Admins - 7 Day Trial

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article will help to fix the below error for MS Exchange server 2010 I. Out Of office not working II. Certificate error "name on the security certificate is invalid or does not match the name of the site" III. Make Internal URLs and External…
A couple of months ago we ran into an issue that necessitated re-creating our Edge Subscriptions. However, when we attempted to execute the command: New-EdgeSubscription -filename C:\NewEdgeSub_01.xml we received an error indicating that the LDAP se…
In this video we show how to create a Resource Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: Navigate to the Recipients >> Resources tab.: "Recipients" is our default selection …
This video demonstrates how to sync Microsoft Exchange Public Folders with smartphones using CodeTwo Exchange Sync and Exchange ActiveSync. To learn more about CodeTwo Exchange Sync and download the free trial, go to: http://www.codetwo.com/excha…
Suggested Courses
Course of the Month3 days, 15 hours left to enroll

630 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question