We help IT Professionals succeed at work.

outlook 2007 security certificate has expired error.

gberryman
gberryman asked
on
222 Views
Last Modified: 2015-01-08
I have a windows server 2003 server
Exchange 2007
CA certificate renewed

Our ssl security certificate recently expired and we renewed it with a third party company. We created the csr and uploaded it to the third party which generated the certificate which we downloaded.

We imported the certificate through the exchange ps management tool and enabled it as well. both expired and new cert showed when we ran get-exchangecertificate list command. we ran remove-exchange certificate command for the expired thumbprint and now only the new cert shows when we run the get-exchangecertificate command.

When we open outlook (2010/2007) we still get the box that say "the security certificate has expired or is not yet valid."
The security certificate from passes, so does the certificate has valid name passes.

Could it be the clients are pointing to the wrong place for their certificates? If so how do I find out where they should point to for the certificate that I enabled in exchange?

Any help would be great I am lost and can't figure it out.

Thanks
Comment
Watch Question

IvanSystem Engineer
CERTIFIED EXPERT

Commented:
Hi,

have you tried to restart IIS service?  cmd> iisreset /noforce (or /force)

Regards,
CERTIFIED EXPERT
Most Valuable Expert 2014

Commented:
You should be able to open the SSL certificate when you get that prompt.
Is the right certificate being presented to the client?

Have you removed the old certificate?

Simon.
Jasvindar SinghOffice 365 Administrator

Commented:
I hope when you try to access OWA over HTTPS - You are not getting certificate error.
Try clearing all the entries in Store Manager on Client machines.
Go to Run => Control Keymgr.dll  (press enter)

It contains stale entries and its safe to remove.

Author

Commented:
Thank You I will try restarting IIS and post the results.

Author

Commented:
I restarted IIS and now no certificate errors but now the mobile phone users can't connect. As well the http://mail.company.com works but https://mail.company.com does not. Not sure why the secure one no longer works.

Any Ideas?

Thanks for your time guys/girls
IvanSystem Engineer
CERTIFIED EXPERT

Commented:
Hi,

If you go to IIS, and select default web site, and go to bindings, is there SSL (https) binding?
Guess SSL cert is not bind for IIS..

Author

Commented:
Ill Check Thank You
CERTIFIED EXPERT
Most Valuable Expert 2014

Commented:
As this is Exchange 2007, you should really do it through EMS.

get-exchangecertificate

ensure that W (for web) is enabled. If not, then you will need to enable it using

enable-exchangecertificate

Simon.

Author

Commented:
When I enabled the cert I looked at my documentation and did not include IIS service. I used Enable-ExchangeCertificate (-Thumbprint) -Services "SMTP". Is this the reason my https and mobile connections are not working?

Author

Commented:
If a service is not enabled during the initial enable-exchangecertificate command can I add a service to the existing certificate or do I need to start from scratch with new csr and new certificate?
CERTIFIED EXPERT
Most Valuable Expert 2014

Commented:
You can run the enable command at any time. You do not need to create a new certificate request.

Simon.

Author

Commented:
When I tried to enable it said it already exists.
CERTIFIED EXPERT
Most Valuable Expert 2014

Commented:
If you run get-exchangecertificate it will show you the certificate and the services that are enabled for it.
Then run this command:

enable-exchangecertificate -thumbprint xxxxxxx -services iis, pop, smtp, imap

Changing XXXX to match the thumbprint.

Simon.

Author

Commented:
Thank you Simon, will this require a restart of IIS as well? Also i read that I shouldn't be adding services I'm not using. Is there any reason why adding unused services is not recommended?
CERTIFIED EXPERT
Most Valuable Expert 2014
Commented:
This one is on us!
(Get your first solution completely free - no credit card required)
UNLOCK SOLUTION

Author

Commented:
Thank you simon worked

Gain unlimited access to on-demand training courses with an Experts Exchange subscription.

Get Access
Why Experts Exchange?

Experts Exchange always has the answer, or at the least points me in the correct direction! It is like having another employee that is extremely experienced.

Jim Murphy
Programmer at Smart IT Solutions

When asked, what has been your best career decision?

Deciding to stick with EE.

Mohamed Asif
Technical Department Head

Being involved with EE helped me to grow personally and professionally.

Carl Webster
CTP, Sr Infrastructure Consultant
Empower Your Career
Did You Know?

We've partnered with two important charities to provide clean water and computer science education to those who need it most. READ MORE

Ask ANY Question

Connect with Certified Experts to gain insight and support on specific technology challenges including:

  • Troubleshooting
  • Research
  • Professional Opinions
Unlock the solution to this question.
Join our community and discover your potential

Experts Exchange is the only place where you can interact directly with leading experts in the technology field. Become a member today and access the collective knowledge of thousands of technology experts.

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.