Solved

certificate error on outlook

Posted on 2014-10-07
13
219 Views
Last Modified: 2014-10-07
We recently upgraded to exchange 2010 from 2003.  I setup a basic SSL cert instead of a UCC.   I setup the cert to use mail.domain.com.  Externally everything is working fine and no issues with cert.  Internally on outlook 2007, 2010 and 2013 clients I am getting a "nonvalid certificate error".   I tried installing the cert as a trusted CA, but that doesn't work.

I also changed the autodiscover url to mail.domain.com from server.domain.com, but no change with the certificate error.  

Thanks.
0
Comment
Question by:tiptechs
  • 9
  • 2
  • 2
13 Comments
 
LVL 16

Expert Comment

by:Rajitha Chimmani
Comment Utility
When you get the prompt for certificate error in Outlook it would also show tick or cross mark against each of the 3 certificate validations. Can you provide the exact parameter in certificate that is invalid?
0
 

Author Comment

by:tiptechs
Comment Utility
When viewing the certificate path there is a Red in the picture for USER TRUST, SSL site, mail.domain.com.   It says "This certificate has a nonvalid digital signature".

Thanks.
0
 

Author Comment

by:tiptechs
Comment Utility
Under the general tab it says "The integrity of this certificate cannot be guaranteed.  The certificate may be corrupted or may have been altered."
0
 
LVL 24

Expert Comment

by:VB ITS
Comment Utility
Type this in the Exchange Management Shell and paste the result:

Get-ClientAccessServer -Identity <CAS2010> | Select AutoDiscoverServiceInternalUri

You may need to adjust this to point to server.domain.com - ensure internal DNS resolves this record to your new 2010 CAS server also.
0
 

Author Comment

by:tiptechs
Comment Utility
this originaly pointed to server.domain.com and was getting the same error.  I thought this was the issue since the names didn't match.    I changed it to point to the mail.domain.com, but got the same error.  I do have an internal dns record for mail.domain.com pointing to the 2010 server.

the result of the command is below

AutoDiscoverServiceInternalUri
---------------------------------------------
https://mail.domain.com/Autodiscover/Autodiscover.xml
0
 
LVL 24

Accepted Solution

by:
VB ITS earned 500 total points
Comment Utility
What happens when you click on that AutoDiscover.xml link? Does the browser throw up the same error regarding the certificate?
0
The problems with reply email signatures

Do you wish that you could place an email signature under a reply? Well, unfortunately, you can't. That great Exchange/Office 365 signature you've created will just appear at the bottom of an email chain. What a pain! Is there really no way to solve this? Well, there might be...

 

Author Comment

by:tiptechs
Comment Utility
I get page can't be displayed for the internal url.     I also tried OWA internally and that didn't work.

DNS resolves to the correct IP.  I also tried the IP in the url and got page can't be displayed.   OWA and the Autodiscover url are working externally.
0
 

Author Comment

by:tiptechs
Comment Utility
I tested owa and the xml page from the mail server and it works fine there.
0
 

Author Comment

by:tiptechs
Comment Utility
I can pull up http://mail.domain.com from an internal pc and get the "access denied" page, but soon as you put in https it says that it can't find the web page
0
 

Author Comment

by:tiptechs
Comment Utility
From the dc I was able to access the owa and autodiscover internally.  From 3 or 4 internal PCs I was not.
0
 

Author Comment

by:tiptechs
Comment Utility
It looks as though, the internal issue is related older versions of IE.  On newer versions we have no problems accessing OWA or the Autodiscover url.

I tested outlook from a pc that had no issues accessing these urls and it appears to be working now.
0
 
LVL 16

Expert Comment

by:Rajitha Chimmani
Comment Utility
So..the issue was not with certificates but the IE version on client PC?
0
 

Author Comment

by:tiptechs
Comment Utility
On the pc I was mostly testing from, I ran quite a few windows updates and now appears to be working.  Thanks for the help Rajitha14.
0

Featured Post

Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

Join & Write a Comment

Find out how to use Active Directory data for email signature management in Microsoft Exchange and Office 365.
Local Continuous Replication is a cost effective and quick way of backing up Exchange server data. The following article describes the steps required to configure Local Continuous Replication. Also, the article tells you how to restore from a backup…
In this video we show how to create an email address policy in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Mail Flow…
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now