Delete expired security certificate

Outlook 2013 throws up the security warning box shortly after starting, when I view the certificate it shows it expired some time ago.  I have a new self-signed certificate package which I’ve run on the machine and reports as being successfully installed, but Outlook isn’t using the new certificate.

I can’t find the old certificate in Internet Options > Content > Certificates.  I can find two that have an expiry date of next year and so should be OK, but not the certificate with the expired date.

How do I make Outlook use the new certificate?
grsgAsked:
Who is Participating?
 
grsgConnect With a Mentor Author Commented:
Thanks for your suggestions, but in the end we created new profiles for the Outlook users.  It looks like Outlook had cached the old certificate.  Creating the new profile has resolved the issue.
0
 
becraigCommented:
Are you referencing an exchange certificate here, or a certificate installed on your client machine for use with outlook ?
0
 
grsgAuthor Commented:
It's a self signed certificate generated by the SBS 2008 server.  I take the installer to the client and run it to clear the security warning you normally see when using OWA and RWW.  I happen to need it as we're using Outlook Anywhere.  Hope that helps.
0
Will You Be GDPR Compliant by 5/28/2018?

GDPR? That's a regulation for the European Union. But, if you collect data from customers or employees within the EU, then you need to know about GDPR and make sure your organization is compliant by May 2018. Check out our preparation checklist to make sure you're on track today!

 
becraigCommented:
Ahh ok so you need to ensure you have replaced the certificate, since this is SBS I would recommend running the fix my network wizard.

This should resolve any issues including replacing self signed certificates.

Alternatively you can just run:
Get-ExchangeCertificate <thumbprint of old certificate> | New-ExchangeCertificate | Enable-ExchangeCertificate -services pop,imap,smtp,iis

Open in new window



You just need to verify the services beforehand.
Get-ExchangeCertificate <thumbprint of old certificate>  | select -expa services

Open in new window

0
 
grsgAuthor Commented:
Hi Becraig, the new certificate has already been created using the Wizard on the SBS box and the zip taken to the client to use, but when it's run Outlook still sees the old certificate for some reason.  The machine in question is not on the domain, it's at a remote location.
0
 
Gareth GudgerCommented:
If its in a remote location and you are using a self-signed certificate you will need to install the certificate on the client machine. Probably the easiest way is to connect through Outlook Web App and install the certificate through the browser to the Certificate Store on that PC.
0
 
becraigCommented:
The error the OP pointed to was one of  an expired certificate:
it shows it expired some time ago.
0
 
grsgAuthor Commented:
Hi Gareth, the new certificate installer is on the remote machine, I run it and it says it installed successfully, but when Outlook starts the security warning dialogue box says the certificate has expired.  Outlook is still looking at the old, expired certificate, so I need to remove the old certificate or somehow make Outlook see the newly installed one.  Hope that helps.
0
 
becraigCommented:
Outlook does not "see a certificate"

Certificates unless they are client based are at the "server" level.
Can you please follow the steps I have outlined to find out what services are bound to that certificate and simply use the additional command to renew / replace the certificate.

No certificates for connecting to Exchange are outlook based, the rich client "outlook" simply connects to the "server" SBS exchange in this instance and reads whatever exchange says it has bound as a certificate.
0
 
RantCanSr. Systems AdministratorCommented:
becraig is right. Outlook cares not a fig for local certs, it is trying to authenticate to Exchange, hence the trouble with using self -signed certs (they have no 3rd party CA signature, and the local domain CA doesn't count).

I'm just spit-balling here, but check exchange proxy settings for new self-signed certificate on the outlook client? Autodiscover should have sorted it, but may not have yet.
0
 
grsgAuthor Commented:
A colleague suggested that creating a new profile may resolve the issue, so we tried it and it did.
0
All Courses

From novice to tech pro — start learning today.