grsg
asked on
Delete expired security certificate
Outlook 2013 throws up the security warning box shortly after starting, when I view the certificate it shows it expired some time ago. I have a new self-signed certificate package which I’ve run on the machine and reports as being successfully installed, but Outlook isn’t using the new certificate.
I can’t find the old certificate in Internet Options > Content > Certificates. I can find two that have an expiry date of next year and so should be OK, but not the certificate with the expired date.
How do I make Outlook use the new certificate?
I can’t find the old certificate in Internet Options > Content > Certificates. I can find two that have an expiry date of next year and so should be OK, but not the certificate with the expired date.
How do I make Outlook use the new certificate?
Are you referencing an exchange certificate here, or a certificate installed on your client machine for use with outlook ?
ASKER
It's a self signed certificate generated by the SBS 2008 server. I take the installer to the client and run it to clear the security warning you normally see when using OWA and RWW. I happen to need it as we're using Outlook Anywhere. Hope that helps.
Ahh ok so you need to ensure you have replaced the certificate, since this is SBS I would recommend running the fix my network wizard.
This should resolve any issues including replacing self signed certificates.
Alternatively you can just run:
You just need to verify the services beforehand.
This should resolve any issues including replacing self signed certificates.
Alternatively you can just run:
Get-ExchangeCertificate <thumbprint of old certificate> | New-ExchangeCertificate | Enable-ExchangeCertificate -services pop,imap,smtp,iis
You just need to verify the services beforehand.
Get-ExchangeCertificate <thumbprint of old certificate> | select -expa services
ASKER
Hi Becraig, the new certificate has already been created using the Wizard on the SBS box and the zip taken to the client to use, but when it's run Outlook still sees the old certificate for some reason. The machine in question is not on the domain, it's at a remote location.
If its in a remote location and you are using a self-signed certificate you will need to install the certificate on the client machine. Probably the easiest way is to connect through Outlook Web App and install the certificate through the browser to the Certificate Store on that PC.
The error the OP pointed to was one of an expired certificate:
it shows it expired some time ago.
ASKER
Hi Gareth, the new certificate installer is on the remote machine, I run it and it says it installed successfully, but when Outlook starts the security warning dialogue box says the certificate has expired. Outlook is still looking at the old, expired certificate, so I need to remove the old certificate or somehow make Outlook see the newly installed one. Hope that helps.
Outlook does not "see a certificate"
Certificates unless they are client based are at the "server" level.
Can you please follow the steps I have outlined to find out what services are bound to that certificate and simply use the additional command to renew / replace the certificate.
No certificates for connecting to Exchange are outlook based, the rich client "outlook" simply connects to the "server" SBS exchange in this instance and reads whatever exchange says it has bound as a certificate.
Certificates unless they are client based are at the "server" level.
Can you please follow the steps I have outlined to find out what services are bound to that certificate and simply use the additional command to renew / replace the certificate.
No certificates for connecting to Exchange are outlook based, the rich client "outlook" simply connects to the "server" SBS exchange in this instance and reads whatever exchange says it has bound as a certificate.
becraig is right. Outlook cares not a fig for local certs, it is trying to authenticate to Exchange, hence the trouble with using self -signed certs (they have no 3rd party CA signature, and the local domain CA doesn't count).
I'm just spit-balling here, but check exchange proxy settings for new self-signed certificate on the outlook client? Autodiscover should have sorted it, but may not have yet.
I'm just spit-balling here, but check exchange proxy settings for new self-signed certificate on the outlook client? Autodiscover should have sorted it, but may not have yet.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
A colleague suggested that creating a new profile may resolve the issue, so we tried it and it did.