Link to home
Start Free TrialLog in
Avatar of gberryman

asked on

outlook 2007 security certificate has expired error.

I have a windows server 2003 server
Exchange 2007
CA certificate renewed

Our ssl security certificate recently expired and we renewed it with a third party company. We created the csr and uploaded it to the third party which generated the certificate which we downloaded.

We imported the certificate through the exchange ps management tool and enabled it as well. both expired and new cert showed when we ran get-exchangecertificate list command. we ran remove-exchange certificate command for the expired thumbprint and now only the new cert shows when we run the get-exchangecertificate command.

When we open outlook (2010/2007) we still get the box that say "the security certificate has expired or is not yet valid."
The security certificate from passes, so does the certificate has valid name passes.

Could it be the clients are pointing to the wrong place for their certificates? If so how do I find out where they should point to for the certificate that I enabled in exchange?

Any help would be great I am lost and can't figure it out.

Avatar of Ivan
Flag of Serbia image


have you tried to restart IIS service?  cmd> iisreset /noforce (or /force)

You should be able to open the SSL certificate when you get that prompt.
Is the right certificate being presented to the client?

Have you removed the old certificate?

I hope when you try to access OWA over HTTPS - You are not getting certificate error.
Try clearing all the entries in Store Manager on Client machines.
Go to Run => Control Keymgr.dll  (press enter)

It contains stale entries and its safe to remove.
Avatar of gberryman


Thank You I will try restarting IIS and post the results.
I restarted IIS and now no certificate errors but now the mobile phone users can't connect. As well the works but does not. Not sure why the secure one no longer works.

Any Ideas?

Thanks for your time guys/girls

If you go to IIS, and select default web site, and go to bindings, is there SSL (https) binding?
Guess SSL cert is not bind for IIS..
Ill Check Thank You
As this is Exchange 2007, you should really do it through EMS.


ensure that W (for web) is enabled. If not, then you will need to enable it using


When I enabled the cert I looked at my documentation and did not include IIS service. I used Enable-ExchangeCertificate (-Thumbprint) -Services "SMTP". Is this the reason my https and mobile connections are not working?
If a service is not enabled during the initial enable-exchangecertificate command can I add a service to the existing certificate or do I need to start from scratch with new csr and new certificate?
You can run the enable command at any time. You do not need to create a new certificate request.

When I tried to enable it said it already exists.
If you run get-exchangecertificate it will show you the certificate and the services that are enabled for it.
Then run this command:

enable-exchangecertificate -thumbprint xxxxxxx -services iis, pop, smtp, imap

Changing XXXX to match the thumbprint.

Thank you Simon, will this require a restart of IIS as well? Also i read that I shouldn't be adding services I'm not using. Is there any reason why adding unused services is not recommended?
Avatar of Simon Butler (Sembee)
Simon Butler (Sembee)
Flag of United Kingdom of Great Britain and Northern Ireland image

Link to home
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Thank you simon worked