gberryman
asked on
outlook 2007 security certificate has expired error.
I have a windows server 2003 server
Exchange 2007
CA certificate renewed
Our ssl security certificate recently expired and we renewed it with a third party company. We created the csr and uploaded it to the third party which generated the certificate which we downloaded.
We imported the certificate through the exchange ps management tool and enabled it as well. both expired and new cert showed when we ran get-exchangecertificate list command. we ran remove-exchange certificate command for the expired thumbprint and now only the new cert shows when we run the get-exchangecertificate command.
When we open outlook (2010/2007) we still get the box that say "the security certificate has expired or is not yet valid."
The security certificate from passes, so does the certificate has valid name passes.
Could it be the clients are pointing to the wrong place for their certificates? If so how do I find out where they should point to for the certificate that I enabled in exchange?
Any help would be great I am lost and can't figure it out.
Thanks
Exchange 2007
CA certificate renewed
Our ssl security certificate recently expired and we renewed it with a third party company. We created the csr and uploaded it to the third party which generated the certificate which we downloaded.
We imported the certificate through the exchange ps management tool and enabled it as well. both expired and new cert showed when we ran get-exchangecertificate list command. we ran remove-exchange certificate command for the expired thumbprint and now only the new cert shows when we run the get-exchangecertificate command.
When we open outlook (2010/2007) we still get the box that say "the security certificate has expired or is not yet valid."
The security certificate from passes, so does the certificate has valid name passes.
Could it be the clients are pointing to the wrong place for their certificates? If so how do I find out where they should point to for the certificate that I enabled in exchange?
Any help would be great I am lost and can't figure it out.
Thanks
You should be able to open the SSL certificate when you get that prompt.
Is the right certificate being presented to the client?
Have you removed the old certificate?
Simon.
Is the right certificate being presented to the client?
Have you removed the old certificate?
Simon.
I hope when you try to access OWA over HTTPS - You are not getting certificate error.
Try clearing all the entries in Store Manager on Client machines.
Go to Run => Control Keymgr.dll (press enter)
It contains stale entries and its safe to remove.
Try clearing all the entries in Store Manager on Client machines.
Go to Run => Control Keymgr.dll (press enter)
It contains stale entries and its safe to remove.
ASKER
Thank You I will try restarting IIS and post the results.
ASKER
I restarted IIS and now no certificate errors but now the mobile phone users can't connect. As well the http://mail.company.com works but https://mail.company.com does not. Not sure why the secure one no longer works.
Any Ideas?
Thanks for your time guys/girls
Any Ideas?
Thanks for your time guys/girls
Hi,
If you go to IIS, and select default web site, and go to bindings, is there SSL (https) binding?
Guess SSL cert is not bind for IIS..
If you go to IIS, and select default web site, and go to bindings, is there SSL (https) binding?
Guess SSL cert is not bind for IIS..
ASKER
Ill Check Thank You
As this is Exchange 2007, you should really do it through EMS.
get-exchangecertificate
ensure that W (for web) is enabled. If not, then you will need to enable it using
enable-exchangecertificate
Simon.
get-exchangecertificate
ensure that W (for web) is enabled. If not, then you will need to enable it using
enable-exchangecertificate
Simon.
ASKER
When I enabled the cert I looked at my documentation and did not include IIS service. I used Enable-ExchangeCertificate
ASKER
If a service is not enabled during the initial enable-exchangecertificate
You can run the enable command at any time. You do not need to create a new certificate request.
Simon.
Simon.
ASKER
When I tried to enable it said it already exists.
If you run get-exchangecertificate it will show you the certificate and the services that are enabled for it.
Then run this command:
enable-exchangecertificate
Changing XXXX to match the thumbprint.
Simon.
Then run this command:
enable-exchangecertificate
Changing XXXX to match the thumbprint.
Simon.
ASKER
Thank you Simon, will this require a restart of IIS as well? Also i read that I shouldn't be adding services I'm not using. Is there any reason why adding unused services is not recommended?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thank you simon worked
have you tried to restart IIS service? cmd> iisreset /noforce (or /force)
Regards,