Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

certificate error on outlook

Posted on 2014-10-07
13
Medium Priority
?
243 Views
Last Modified: 2014-10-07
We recently upgraded to exchange 2010 from 2003.  I setup a basic SSL cert instead of a UCC.   I setup the cert to use mail.domain.com.  Externally everything is working fine and no issues with cert.  Internally on outlook 2007, 2010 and 2013 clients I am getting a "nonvalid certificate error".   I tried installing the cert as a trusted CA, but that doesn't work.

I also changed the autodiscover url to mail.domain.com from server.domain.com, but no change with the certificate error.  

Thanks.
0
Comment
Question by:tiptechs
  • 9
  • 2
  • 2
13 Comments
 
LVL 16

Expert Comment

by:Rajitha Chimmani
ID: 40366302
When you get the prompt for certificate error in Outlook it would also show tick or cross mark against each of the 3 certificate validations. Can you provide the exact parameter in certificate that is invalid?
0
 

Author Comment

by:tiptechs
ID: 40366311
When viewing the certificate path there is a Red in the picture for USER TRUST, SSL site, mail.domain.com.   It says "This certificate has a nonvalid digital signature".

Thanks.
0
 

Author Comment

by:tiptechs
ID: 40366315
Under the general tab it says "The integrity of this certificate cannot be guaranteed.  The certificate may be corrupted or may have been altered."
0
Prepare for your VMware VCP6-DCV exam.

Josh Coen and Jason Langer have prepared the latest edition of VCP study guide. Both authors have been working in the IT field for more than a decade, and both hold VMware certifications. This 163-page guide covers all 10 of the exam blueprint sections.

 
LVL 24

Expert Comment

by:VB ITS
ID: 40366325
Type this in the Exchange Management Shell and paste the result:

Get-ClientAccessServer -Identity <CAS2010> | Select AutoDiscoverServiceInternalUri

You may need to adjust this to point to server.domain.com - ensure internal DNS resolves this record to your new 2010 CAS server also.
0
 

Author Comment

by:tiptechs
ID: 40366355
this originaly pointed to server.domain.com and was getting the same error.  I thought this was the issue since the names didn't match.    I changed it to point to the mail.domain.com, but got the same error.  I do have an internal dns record for mail.domain.com pointing to the 2010 server.

the result of the command is below

AutoDiscoverServiceInternalUri
---------------------------------------------
https://mail.domain.com/Autodiscover/Autodiscover.xml
0
 
LVL 24

Accepted Solution

by:
VB ITS earned 2000 total points
ID: 40366370
What happens when you click on that AutoDiscover.xml link? Does the browser throw up the same error regarding the certificate?
0
 

Author Comment

by:tiptechs
ID: 40366447
I get page can't be displayed for the internal url.     I also tried OWA internally and that didn't work.

DNS resolves to the correct IP.  I also tried the IP in the url and got page can't be displayed.   OWA and the Autodiscover url are working externally.
0
 

Author Comment

by:tiptechs
ID: 40366461
I tested owa and the xml page from the mail server and it works fine there.
0
 

Author Comment

by:tiptechs
ID: 40366472
I can pull up http://mail.domain.com from an internal pc and get the "access denied" page, but soon as you put in https it says that it can't find the web page
0
 

Author Comment

by:tiptechs
ID: 40366568
From the dc I was able to access the owa and autodiscover internally.  From 3 or 4 internal PCs I was not.
0
 

Author Comment

by:tiptechs
ID: 40366793
It looks as though, the internal issue is related older versions of IE.  On newer versions we have no problems accessing OWA or the Autodiscover url.

I tested outlook from a pc that had no issues accessing these urls and it appears to be working now.
0
 
LVL 16

Expert Comment

by:Rajitha Chimmani
ID: 40366817
So..the issue was not with certificates but the IE version on client PC?
0
 

Author Comment

by:tiptechs
ID: 40367048
On the pc I was mostly testing from, I ran quite a few windows updates and now appears to be working.  Thanks for the help Rajitha14.
0

Featured Post

How to Use the Help Bell

Need to boost the visibility of your question for solutions? Use the Experts Exchange Help Bell to confirm priority levels and contact subject-matter experts for question attention.  Check out this how-to article for more information.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this post, I will showcase the steps for how to create groups in Office 365. Office 365 groups allow for ease of flexibility and collaboration between staff members.
Eseutil Hard Recovery is part of exchange tool and ensures Exchange mailbox data recovery when mailbox gets corrupt due to some problem on Exchange server.
how to add IIS SMTP to handle application/Scanner relays into office 365.
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Suggested Courses

877 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question