Solved

Delete expired security certificate

Posted on 2014-11-27
11
1,364 Views
Last Modified: 2014-12-07
Outlook 2013 throws up the security warning box shortly after starting, when I view the certificate it shows it expired some time ago.  I have a new self-signed certificate package which I’ve run on the machine and reports as being successfully installed, but Outlook isn’t using the new certificate.

I can’t find the old certificate in Internet Options > Content > Certificates.  I can find two that have an expiry date of next year and so should be OK, but not the certificate with the expired date.

How do I make Outlook use the new certificate?
0
Comment
Question by:grsg
11 Comments
 
LVL 28

Expert Comment

by:becraig
Comment Utility
Are you referencing an exchange certificate here, or a certificate installed on your client machine for use with outlook ?
0
 

Author Comment

by:grsg
Comment Utility
It's a self signed certificate generated by the SBS 2008 server.  I take the installer to the client and run it to clear the security warning you normally see when using OWA and RWW.  I happen to need it as we're using Outlook Anywhere.  Hope that helps.
0
 
LVL 28

Expert Comment

by:becraig
Comment Utility
Ahh ok so you need to ensure you have replaced the certificate, since this is SBS I would recommend running the fix my network wizard.

This should resolve any issues including replacing self signed certificates.

Alternatively you can just run:
Get-ExchangeCertificate <thumbprint of old certificate> | New-ExchangeCertificate | Enable-ExchangeCertificate -services pop,imap,smtp,iis

Open in new window



You just need to verify the services beforehand.
Get-ExchangeCertificate <thumbprint of old certificate>  | select -expa services

Open in new window

0
 

Author Comment

by:grsg
Comment Utility
Hi Becraig, the new certificate has already been created using the Wizard on the SBS box and the zip taken to the client to use, but when it's run Outlook still sees the old certificate for some reason.  The machine in question is not on the domain, it's at a remote location.
0
 
LVL 30

Expert Comment

by:Gareth Gudger
Comment Utility
If its in a remote location and you are using a self-signed certificate you will need to install the certificate on the client machine. Probably the easiest way is to connect through Outlook Web App and install the certificate through the browser to the Certificate Store on that PC.
0
Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 
LVL 28

Expert Comment

by:becraig
Comment Utility
The error the OP pointed to was one of  an expired certificate:
it shows it expired some time ago.
0
 

Author Comment

by:grsg
Comment Utility
Hi Gareth, the new certificate installer is on the remote machine, I run it and it says it installed successfully, but when Outlook starts the security warning dialogue box says the certificate has expired.  Outlook is still looking at the old, expired certificate, so I need to remove the old certificate or somehow make Outlook see the newly installed one.  Hope that helps.
0
 
LVL 28

Expert Comment

by:becraig
Comment Utility
Outlook does not "see a certificate"

Certificates unless they are client based are at the "server" level.
Can you please follow the steps I have outlined to find out what services are bound to that certificate and simply use the additional command to renew / replace the certificate.

No certificates for connecting to Exchange are outlook based, the rich client "outlook" simply connects to the "server" SBS exchange in this instance and reads whatever exchange says it has bound as a certificate.
0
 
LVL 9

Expert Comment

by:RantCan
Comment Utility
becraig is right. Outlook cares not a fig for local certs, it is trying to authenticate to Exchange, hence the trouble with using self -signed certs (they have no 3rd party CA signature, and the local domain CA doesn't count).

I'm just spit-balling here, but check exchange proxy settings for new self-signed certificate on the outlook client? Autodiscover should have sorted it, but may not have yet.
0
 

Accepted Solution

by:
grsg earned 0 total points
Comment Utility
Thanks for your suggestions, but in the end we created new profiles for the Outlook users.  It looks like Outlook had cached the old certificate.  Creating the new profile has resolved the issue.
0
 

Author Closing Comment

by:grsg
Comment Utility
A colleague suggested that creating a new profile may resolve the issue, so we tried it and it did.
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Utilizing an array to gracefully append to a list of EmailAddresses
Disabling the Directory Sync Service Account in Office 365 will stop directory synchronization from working.
In this video we show how to create a Resource Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: Navigate to the Recipients >> Resources tab.: "Recipients" is our default selection …
how to add IIS SMTP to handle application/Scanner relays into office 365.

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now