Solved

Delete expired security certificate

Posted on 2014-11-27
11
2,615 Views
Last Modified: 2014-12-07
Outlook 2013 throws up the security warning box shortly after starting, when I view the certificate it shows it expired some time ago.  I have a new self-signed certificate package which I’ve run on the machine and reports as being successfully installed, but Outlook isn’t using the new certificate.

I can’t find the old certificate in Internet Options > Content > Certificates.  I can find two that have an expiry date of next year and so should be OK, but not the certificate with the expired date.

How do I make Outlook use the new certificate?
0
Comment
Question by:grsg
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
11 Comments
 
LVL 29

Expert Comment

by:becraig
ID: 40468867
Are you referencing an exchange certificate here, or a certificate installed on your client machine for use with outlook ?
0
 

Author Comment

by:grsg
ID: 40468922
It's a self signed certificate generated by the SBS 2008 server.  I take the installer to the client and run it to clear the security warning you normally see when using OWA and RWW.  I happen to need it as we're using Outlook Anywhere.  Hope that helps.
0
 
LVL 29

Expert Comment

by:becraig
ID: 40468936
Ahh ok so you need to ensure you have replaced the certificate, since this is SBS I would recommend running the fix my network wizard.

This should resolve any issues including replacing self signed certificates.

Alternatively you can just run:
Get-ExchangeCertificate <thumbprint of old certificate> | New-ExchangeCertificate | Enable-ExchangeCertificate -services pop,imap,smtp,iis

Open in new window



You just need to verify the services beforehand.
Get-ExchangeCertificate <thumbprint of old certificate>  | select -expa services

Open in new window

0
Office 365 Training for IT Pros

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

 

Author Comment

by:grsg
ID: 40468960
Hi Becraig, the new certificate has already been created using the Wizard on the SBS box and the zip taken to the client to use, but when it's run Outlook still sees the old certificate for some reason.  The machine in question is not on the domain, it's at a remote location.
0
 
LVL 31

Expert Comment

by:Gareth Gudger
ID: 40469078
If its in a remote location and you are using a self-signed certificate you will need to install the certificate on the client machine. Probably the easiest way is to connect through Outlook Web App and install the certificate through the browser to the Certificate Store on that PC.
0
 
LVL 29

Expert Comment

by:becraig
ID: 40469089
The error the OP pointed to was one of  an expired certificate:
it shows it expired some time ago.
0
 

Author Comment

by:grsg
ID: 40469162
Hi Gareth, the new certificate installer is on the remote machine, I run it and it says it installed successfully, but when Outlook starts the security warning dialogue box says the certificate has expired.  Outlook is still looking at the old, expired certificate, so I need to remove the old certificate or somehow make Outlook see the newly installed one.  Hope that helps.
0
 
LVL 29

Expert Comment

by:becraig
ID: 40469187
Outlook does not "see a certificate"

Certificates unless they are client based are at the "server" level.
Can you please follow the steps I have outlined to find out what services are bound to that certificate and simply use the additional command to renew / replace the certificate.

No certificates for connecting to Exchange are outlook based, the rich client "outlook" simply connects to the "server" SBS exchange in this instance and reads whatever exchange says it has bound as a certificate.
0
 
LVL 9

Expert Comment

by:RantCan
ID: 40469257
becraig is right. Outlook cares not a fig for local certs, it is trying to authenticate to Exchange, hence the trouble with using self -signed certs (they have no 3rd party CA signature, and the local domain CA doesn't count).

I'm just spit-balling here, but check exchange proxy settings for new self-signed certificate on the outlook client? Autodiscover should have sorted it, but may not have yet.
0
 

Accepted Solution

by:
grsg earned 0 total points
ID: 40475693
Thanks for your suggestions, but in the end we created new profiles for the Outlook users.  It looks like Outlook had cached the old certificate.  Creating the new profile has resolved the issue.
0
 

Author Closing Comment

by:grsg
ID: 40485331
A colleague suggested that creating a new profile may resolve the issue, so we tried it and it did.
0

Featured Post

Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Finding original email is quite difficult due to their duplicates. From this article, you will come to know why multiple duplicates of same emails appear and how to delete duplicate emails from Outlook securely and instantly while vital emails remai…
When you have clients or friends from around the world, it becomes a challenge to arrange a meeting or effectively manage your time. This is where Outlook's capability to show 2 time zones in one calendar comes in handy.
In this video we show how to create a mailbox database in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Servers >> Data…
how to add IIS SMTP to handle application/Scanner relays into office 365.

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question