[Webinar] Streamline your web hosting managementRegister Today

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 249
  • Last Modified:

certificate error on outlook

We recently upgraded to exchange 2010 from 2003.  I setup a basic SSL cert instead of a UCC.   I setup the cert to use mail.domain.com.  Externally everything is working fine and no issues with cert.  Internally on outlook 2007, 2010 and 2013 clients I am getting a "nonvalid certificate error".   I tried installing the cert as a trusted CA, but that doesn't work.

I also changed the autodiscover url to mail.domain.com from server.domain.com, but no change with the certificate error.  

Thanks.
0
tiptechs
Asked:
tiptechs
  • 9
  • 2
  • 2
1 Solution
 
Rajitha ChimmaniCommented:
When you get the prompt for certificate error in Outlook it would also show tick or cross mark against each of the 3 certificate validations. Can you provide the exact parameter in certificate that is invalid?
0
 
tiptechsAuthor Commented:
When viewing the certificate path there is a Red in the picture for USER TRUST, SSL site, mail.domain.com.   It says "This certificate has a nonvalid digital signature".

Thanks.
0
 
tiptechsAuthor Commented:
Under the general tab it says "The integrity of this certificate cannot be guaranteed.  The certificate may be corrupted or may have been altered."
0
Free tool for managing users' photos in Office 365

Easily upload multiple users’ photos to Office 365. Manage them with an intuitive GUI and use handy built-in cropping and resizing options. Link photos with users based on Azure AD attributes. Free tool!

 
VB ITSSpecialist ConsultantCommented:
Type this in the Exchange Management Shell and paste the result:

Get-ClientAccessServer -Identity <CAS2010> | Select AutoDiscoverServiceInternalUri

You may need to adjust this to point to server.domain.com - ensure internal DNS resolves this record to your new 2010 CAS server also.
0
 
tiptechsAuthor Commented:
this originaly pointed to server.domain.com and was getting the same error.  I thought this was the issue since the names didn't match.    I changed it to point to the mail.domain.com, but got the same error.  I do have an internal dns record for mail.domain.com pointing to the 2010 server.

the result of the command is below

AutoDiscoverServiceInternalUri
---------------------------------------------
https://mail.domain.com/Autodiscover/Autodiscover.xml
0
 
VB ITSSpecialist ConsultantCommented:
What happens when you click on that AutoDiscover.xml link? Does the browser throw up the same error regarding the certificate?
0
 
tiptechsAuthor Commented:
I get page can't be displayed for the internal url.     I also tried OWA internally and that didn't work.

DNS resolves to the correct IP.  I also tried the IP in the url and got page can't be displayed.   OWA and the Autodiscover url are working externally.
0
 
tiptechsAuthor Commented:
I tested owa and the xml page from the mail server and it works fine there.
0
 
tiptechsAuthor Commented:
I can pull up http://mail.domain.com from an internal pc and get the "access denied" page, but soon as you put in https it says that it can't find the web page
0
 
tiptechsAuthor Commented:
From the dc I was able to access the owa and autodiscover internally.  From 3 or 4 internal PCs I was not.
0
 
tiptechsAuthor Commented:
It looks as though, the internal issue is related older versions of IE.  On newer versions we have no problems accessing OWA or the Autodiscover url.

I tested outlook from a pc that had no issues accessing these urls and it appears to be working now.
0
 
Rajitha ChimmaniCommented:
So..the issue was not with certificates but the IE version on client PC?
0
 
tiptechsAuthor Commented:
On the pc I was mostly testing from, I ran quite a few windows updates and now appears to be working.  Thanks for the help Rajitha14.
0

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

  • 9
  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now