[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now

x
?
Solved

outlook 2007 security certificate has expired error.

Posted on 2014-12-19
16
Medium Priority
?
190 Views
Last Modified: 2015-01-08
I have a windows server 2003 server
Exchange 2007
CA certificate renewed

Our ssl security certificate recently expired and we renewed it with a third party company. We created the csr and uploaded it to the third party which generated the certificate which we downloaded.

We imported the certificate through the exchange ps management tool and enabled it as well. both expired and new cert showed when we ran get-exchangecertificate list command. we ran remove-exchange certificate command for the expired thumbprint and now only the new cert shows when we run the get-exchangecertificate command.

When we open outlook (2010/2007) we still get the box that say "the security certificate has expired or is not yet valid."
The security certificate from passes, so does the certificate has valid name passes.

Could it be the clients are pointing to the wrong place for their certificates? If so how do I find out where they should point to for the certificate that I enabled in exchange?

Any help would be great I am lost and can't figure it out.

Thanks
0
Comment
Question by:gberryman
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 8
  • 5
  • 2
  • +1
16 Comments
 
LVL 17

Expert Comment

by:Ivan
ID: 40509976
Hi,

have you tried to restart IIS service?  cmd> iisreset /noforce (or /force)

Regards,
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 40510076
You should be able to open the SSL certificate when you get that prompt.
Is the right certificate being presented to the client?

Have you removed the old certificate?

Simon.
0
 
LVL 2

Expert Comment

by:Jasvindar Singh
ID: 40510904
I hope when you try to access OWA over HTTPS - You are not getting certificate error.
Try clearing all the entries in Store Manager on Client machines.
Go to Run => Control Keymgr.dll  (press enter)

It contains stale entries and its safe to remove.
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 

Author Comment

by:gberryman
ID: 40514072
Thank You I will try restarting IIS and post the results.
0
 

Author Comment

by:gberryman
ID: 40515660
I restarted IIS and now no certificate errors but now the mobile phone users can't connect. As well the http://mail.company.com works but https://mail.company.com does not. Not sure why the secure one no longer works.

Any Ideas?

Thanks for your time guys/girls
0
 
LVL 17

Expert Comment

by:Ivan
ID: 40515677
Hi,

If you go to IIS, and select default web site, and go to bindings, is there SSL (https) binding?
Guess SSL cert is not bind for IIS..
0
 

Author Comment

by:gberryman
ID: 40515692
Ill Check Thank You
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 40515698
As this is Exchange 2007, you should really do it through EMS.

get-exchangecertificate

ensure that W (for web) is enabled. If not, then you will need to enable it using

enable-exchangecertificate

Simon.
1
 

Author Comment

by:gberryman
ID: 40515741
When I enabled the cert I looked at my documentation and did not include IIS service. I used Enable-ExchangeCertificate (-Thumbprint) -Services "SMTP". Is this the reason my https and mobile connections are not working?
0
 

Author Comment

by:gberryman
ID: 40515813
If a service is not enabled during the initial enable-exchangecertificate command can I add a service to the existing certificate or do I need to start from scratch with new csr and new certificate?
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 40521538
You can run the enable command at any time. You do not need to create a new certificate request.

Simon.
0
 

Author Comment

by:gberryman
ID: 40528495
When I tried to enable it said it already exists.
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 40528868
If you run get-exchangecertificate it will show you the certificate and the services that are enabled for it.
Then run this command:

enable-exchangecertificate -thumbprint xxxxxxx -services iis, pop, smtp, imap

Changing XXXX to match the thumbprint.

Simon.
1
 

Author Comment

by:gberryman
ID: 40529493
Thank you Simon, will this require a restart of IIS as well? Also i read that I shouldn't be adding services I'm not using. Is there any reason why adding unused services is not recommended?
0
 
LVL 63

Accepted Solution

by:
Simon Butler (Sembee) earned 2000 total points
ID: 40529968
Where did you read about not adding services that you aren't using?
That isn't something I have ever seen on Microsoft guidance.

You will need to restart IIS to get the certificate to take properly.

Simon.
1
 

Author Comment

by:gberryman
ID: 40537894
Thank you simon worked
0

Featured Post

NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A couple of months ago we ran into an issue that necessitated re-creating our Edge Subscriptions. However, when we attempted to execute the command: New-EdgeSubscription -filename C:\NewEdgeSub_01.xml we received an error indicating that the LDAP se…
I don't pretend to be an expert at this, but I have found a few things that are useful. I hope that sharing them here will help others, so they will not have to face some rather hard choices. Since I felt this to be a topic of enough importance and…
In this video we show how to create a Resource Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: Navigate to the Recipients >> Resources tab.: "Recipients" is our default selection …
In this Micro Video tutorial you will learn the basics about Database Availability Groups and How to configure one using a live Exchange Server Environment. The video tutorial explains the basics of the Exchange server Database Availability grou…
Suggested Courses

649 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question