Delete expired security certificate

Outlook 2013 throws up the security warning box shortly after starting, when I view the certificate it shows it expired some time ago.  I have a new self-signed certificate package which I’ve run on the machine and reports as being successfully installed, but Outlook isn’t using the new certificate.

I can’t find the old certificate in Internet Options > Content > Certificates.  I can find two that have an expiry date of next year and so should be OK, but not the certificate with the expired date.

How do I make Outlook use the new certificate?
grsgAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

becraigCommented:
Are you referencing an exchange certificate here, or a certificate installed on your client machine for use with outlook ?
0
grsgAuthor Commented:
It's a self signed certificate generated by the SBS 2008 server.  I take the installer to the client and run it to clear the security warning you normally see when using OWA and RWW.  I happen to need it as we're using Outlook Anywhere.  Hope that helps.
0
becraigCommented:
Ahh ok so you need to ensure you have replaced the certificate, since this is SBS I would recommend running the fix my network wizard.

This should resolve any issues including replacing self signed certificates.

Alternatively you can just run:
Get-ExchangeCertificate <thumbprint of old certificate> | New-ExchangeCertificate | Enable-ExchangeCertificate -services pop,imap,smtp,iis

Open in new window



You just need to verify the services beforehand.
Get-ExchangeCertificate <thumbprint of old certificate>  | select -expa services

Open in new window

0
Introducing the "443 Security Simplified" Podcast

This new podcast puts you inside the minds of leading white-hat hackers and security researchers. Hosts Marc Laliberte and Corey Nachreiner turn complex security concepts into easily understood and actionable insights on the latest cyber security headlines and trends.

grsgAuthor Commented:
Hi Becraig, the new certificate has already been created using the Wizard on the SBS box and the zip taken to the client to use, but when it's run Outlook still sees the old certificate for some reason.  The machine in question is not on the domain, it's at a remote location.
0
Gareth GudgerCommented:
If its in a remote location and you are using a self-signed certificate you will need to install the certificate on the client machine. Probably the easiest way is to connect through Outlook Web App and install the certificate through the browser to the Certificate Store on that PC.
0
becraigCommented:
The error the OP pointed to was one of  an expired certificate:
it shows it expired some time ago.
0
grsgAuthor Commented:
Hi Gareth, the new certificate installer is on the remote machine, I run it and it says it installed successfully, but when Outlook starts the security warning dialogue box says the certificate has expired.  Outlook is still looking at the old, expired certificate, so I need to remove the old certificate or somehow make Outlook see the newly installed one.  Hope that helps.
0
becraigCommented:
Outlook does not "see a certificate"

Certificates unless they are client based are at the "server" level.
Can you please follow the steps I have outlined to find out what services are bound to that certificate and simply use the additional command to renew / replace the certificate.

No certificates for connecting to Exchange are outlook based, the rich client "outlook" simply connects to the "server" SBS exchange in this instance and reads whatever exchange says it has bound as a certificate.
0
RantCanSr. Systems AdministratorCommented:
becraig is right. Outlook cares not a fig for local certs, it is trying to authenticate to Exchange, hence the trouble with using self -signed certs (they have no 3rd party CA signature, and the local domain CA doesn't count).

I'm just spit-balling here, but check exchange proxy settings for new self-signed certificate on the outlook client? Autodiscover should have sorted it, but may not have yet.
0
grsgAuthor Commented:
Thanks for your suggestions, but in the end we created new profiles for the Outlook users.  It looks like Outlook had cached the old certificate.  Creating the new profile has resolved the issue.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
grsgAuthor Commented:
A colleague suggested that creating a new profile may resolve the issue, so we tried it and it did.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Outlook

From novice to tech pro — start learning today.