Solved

Outlook 2007 security certificate has expired error.

Posted on 2014-12-19
Last Modified: 2015-01-08
I have a Windows Server 2003 server
Exchange 2007
CA certificate renewed

Our SSL security certificate recently expired and we renewed it with a third party company. We created the CSR and uploaded it to the third party, which generated the certificate, which we downloaded.

We imported the certificate through the Exchange PS management tool and enabled it as well. Both the expired and new cert showed when we ran the Get-ExchangeCertificate list command. We ran the Remove-ExchangeCertificate command for the expired thumbprint and now only the new cert shows when we run the Get-ExchangeCertificate command.

When we open Outlook (2010/2007) we still get the box that says "the security certificate has expired or is not yet valid."
The security certificate from passes, so does the certificate has valid name passes.

Could it be the clients are pointing to the wrong place for their certificates? If so how do I find out where they should point to for the certificate that I enabled in exchange?

Any help would be great I am lost and can't figure it out.

Thanks
Question by:gberryman
 
LVL 16

Expert Comment

by:Ivan
ID: 40509976
Hi,

Have you tried to restart the IIS service?  cmd> iisreset /noforce (or /force)

Regards,
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 40510076
You should be able to open the SSL certificate when you get that prompt.
Is the right certificate being presented to the client?

Have you removed the old certificate?

Simon.
0
 
LVL 2

Expert Comment

by:Jasvindar Singh
ID: 40510904
I hope that when you try to access OWA over HTTPS you are not getting a certificate error.
Try clearing all the entries in Store Manager on client machines.
Go to Run => Control Keymgr.dll  (press Enter)

It contains stale entries and it's safe to remove them.
0

 

Author Comment

by:gberryman
ID: 40514072
Thank You I will try restarting IIS and post the results.
0
 

Author Comment

by:gberryman
ID: 40515660
I restarted IIS and now no certificate errors but now the mobile phone users can't connect. As well the http://mail.company.com works but https://mail.company.com does not. Not sure why the secure one no longer works.

Any Ideas?

Thanks for your time guys/girls
0
 
LVL 16

Expert Comment

by:Ivan
ID: 40515677
Hi,

If you go to IIS, select Default Web Site, and go to Bindings, is there an SSL (https) binding?
I guess the SSL cert is not bound for IIS.
0
 

Author Comment

by:gberryman
ID: 40515692
I'll check, thank you.
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 40515698
As this is Exchange 2007, you should really do it through EMS.

get-exchangecertificate

Ensure that W (for web) is enabled. If not, then you will need to enable it using

enable-exchangecertificate

Simon.
1
 

Author Comment

by:gberryman
ID: 40515741
When I enabled the cert I looked at my documentation and did not include the IIS service. I used Enable-ExchangeCertificate (-Thumbprint) -Services "SMTP". Is this the reason my https and mobile connections are not working?
0
 

Author Comment

by:gberryman
ID: 40515813
If a service is not enabled during the initial enable-exchangecertificate command can I add a service to the existing certificate or do I need to start from scratch with new csr and new certificate?
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 40521538
You can run the enable command at any time. You do not need to create a new certificate request.

Simon.
0
 

Author Comment

by:gberryman
ID: 40528495
When I tried to enable it said it already exists.
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 40528868
If you run get-exchangecertificate it will show you the certificate and the services that are enabled for it.
Then run this command:

enable-exchangecertificate -thumbprint xxxxxxx -services iis, pop, smtp, imap

Changing XXXX to match the thumbprint.

Simon.
1
 

Author Comment

by:gberryman
ID: 40529493
Thank you Simon, will this require a restart of IIS as well? Also, I read that I shouldn't be adding services I'm not using. Is there any reason why adding unused services is not recommended?
0
 
LVL 63

Accepted Solution

by:
Simon Butler (Sembee) earned 500 total points
ID: 40529968
Where did you read about not adding services that you aren't using?
That isn't something I have ever seen in Microsoft guidance.

You will need to restart IIS to get the certificate to take properly.

Simon.
1
 

Author Comment

by:gberryman
ID: 40537894
Thank you Simon, worked.
0
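
The sequence this thread arrives at, collected as an added example that is not part of any poster's reply: audit which services each certificate is enabled for, enable the renewed certificate using the command given above, restart IIS, and re-check. `$thumbprint` holds a placeholder that must be replaced with the value Get-ExchangeCertificate shows for the renewed certificate.

```powershell
# Run in the Exchange Management Shell on the Exchange 2007 server.
# Placeholder (assumption): paste the thumbprint of the renewed certificate.
$thumbprint = "<THUMBPRINT-OF-RENEWED-CERT>"

# 1. List every certificate with its expiry date and the services it is
#    enabled for. The renewed certificate must list IIS for HTTPS to work.
Get-ExchangeCertificate | Format-List Thumbprint, Subject, NotAfter, Services

# 2. Flag expired certificates, and certificates that are still valid but
#    not enabled for IIS (the state this thread was in after enabling the
#    new certificate for SMTP only).
$now = Get-Date
Get-ExchangeCertificate | ForEach-Object {
    if ($_.NotAfter -lt $now) {
        Write-Warning ("Expired: " + $_.Thumbprint + " (" + $_.NotAfter + ")")
    }
    elseif ("$($_.Services)" -notmatch "IIS") {
        Write-Warning ("Valid but not enabled for IIS: " + $_.Thumbprint)
    }
}

# 3. Enable the renewed certificate, using the command from the thread.
#    No new certificate request is needed to add services.
Enable-ExchangeCertificate -Thumbprint $thumbprint -Services iis, pop, smtp, imap

# 4. Restart IIS so the web services present the new certificate,
#    then confirm the expiry date and enabled services.
iisreset /noforce
Get-ExchangeCertificate -Thumbprint $thumbprint | Format-List NotAfter, Services
```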
