Solved

outlook 2007 security certificate has expired error.

Posted on 2014-12-19
16
179 Views
Last Modified: 2015-01-08
I have a windows server 2003 server
Exchange 2007
CA certificate renewed

Our ssl security certificate recently expired and we renewed it with a third party company. We created the csr and uploaded it to the third party which generated the certificate which we downloaded.

We imported the certificate through the exchange ps management tool and enabled it as well. both expired and new cert showed when we ran get-exchangecertificate list command. we ran remove-exchange certificate command for the expired thumbprint and now only the new cert shows when we run the get-exchangecertificate command.

When we open outlook (2010/2007) we still get the box that say "the security certificate has expired or is not yet valid."
The security certificate from passes, so does the certificate has valid name passes.

Could it be the clients are pointing to the wrong place for their certificates? If so how do I find out where they should point to for the certificate that I enabled in exchange?

Any help would be great I am lost and can't figure it out.

Thanks
0
Comment
Question by:gberryman
  • 8
  • 5
  • 2
  • +1
16 Comments
 
LVL 15

Expert Comment

by:Ivan
ID: 40509976
Hi,

have you tried to restart IIS service?  cmd> iisreset /noforce (or /force)

Regards,
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 40510076
You should be able to open the SSL certificate when you get that prompt.
Is the right certificate being presented to the client?

Have you removed the old certificate?

Simon.
0
 
LVL 2

Expert Comment

by:Jasvindar Singh
ID: 40510904
I hope when you try to access OWA over HTTPS - You are not getting certificate error.
Try clearing all the entries in Store Manager on Client machines.
Go to Run => Control Keymgr.dll  (press enter)

It contains stale entries and its safe to remove.
0
 

Author Comment

by:gberryman
ID: 40514072
Thank You I will try restarting IIS and post the results.
0
 

Author Comment

by:gberryman
ID: 40515660
I restarted IIS and now no certificate errors but now the mobile phone users can't connect. As well the http://mail.company.com works but https://mail.company.com does not. Not sure why the secure one no longer works.

Any Ideas?

Thanks for your time guys/girls
0
 
LVL 15

Expert Comment

by:Ivan
ID: 40515677
Hi,

If you go to IIS, and select default web site, and go to bindings, is there SSL (https) binding?
Guess SSL cert is not bind for IIS..
0
 

Author Comment

by:gberryman
ID: 40515692
Ill Check Thank You
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 40515698
As this is Exchange 2007, you should really do it through EMS.

get-exchangecertificate

ensure that W (for web) is enabled. If not, then you will need to enable it using

enable-exchangecertificate

Simon.
1
Are your corporate email signatures appalling?

Is it scary how unprofessional your email signatures look? Do users create their own terrible designs and give themselves stupid job titles? You can make this a lot easier for yourself by choosing an email signature management solution from Exclaimer today.

 

Author Comment

by:gberryman
ID: 40515741
When I enabled the cert I looked at my documentation and did not include IIS service. I used Enable-ExchangeCertificate (-Thumbprint) -Services "SMTP". Is this the reason my https and mobile connections are not working?
0
 

Author Comment

by:gberryman
ID: 40515813
If a service is not enabled during the initial enable-exchangecertificate command can I add a service to the existing certificate or do I need to start from scratch with new csr and new certificate?
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 40521538
You can run the enable command at any time. You do not need to create a new certificate request.

Simon.
0
 

Author Comment

by:gberryman
ID: 40528495
When I tried to enable it said it already exists.
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 40528868
If you run get-exchangecertificate it will show you the certificate and the services that are enabled for it.
Then run this command:

enable-exchangecertificate -thumbprint xxxxxxx -services iis, pop, smtp, imap

Changing XXXX to match the thumbprint.

Simon.
1
 

Author Comment

by:gberryman
ID: 40529493
Thank you Simon, will this require a restart of IIS as well? Also i read that I shouldn't be adding services I'm not using. Is there any reason why adding unused services is not recommended?
0
 
LVL 63

Accepted Solution

by:
Simon Butler (Sembee) earned 500 total points
ID: 40529968
Where did you read about not adding services that you aren't using?
That isn't something I have ever seen on Microsoft guidance.

You will need to restart IIS to get the certificate to take properly.

Simon.
1
 

Author Comment

by:gberryman
ID: 40537894
Thank you simon worked
0

Featured Post

What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

Join & Write a Comment

We are happy to announce a brand new addition to our line of acclaimed email signature management products – CodeTwo Email Signatures for Office 365.
This process describes the steps required to Import and Export data from and to .pst files using Exchange 2010. We can use these steps to export data from a user to a .pst file, import data back to the same or a different user, or even import data t…
In this video we show how to create an email address policy in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Mail Flow…
In this video we show how to create a mailbox database in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Servers >> Data…

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now