Avatar of gberryman
gberryman
 asked on

outlook 2007 security certificate has expired error.

I have a windows server 2003 server
Exchange 2007
CA certificate renewed

Our ssl security certificate recently expired and we renewed it with a third party company. We created the csr and uploaded it to the third party which generated the certificate which we downloaded.

We imported the certificate through the exchange ps management tool and enabled it as well. both expired and new cert showed when we ran get-exchangecertificate list command. we ran remove-exchange certificate command for the expired thumbprint and now only the new cert shows when we run the get-exchangecertificate command.

When we open outlook (2010/2007) we still get the box that say "the security certificate has expired or is not yet valid."
The security certificate from passes, so does the certificate has valid name passes.

Could it be the clients are pointing to the wrong place for their certificates? If so how do I find out where they should point to for the certificate that I enabled in exchange?

Any help would be great I am lost and can't figure it out.

Thanks
Exchange

Avatar of undefined
Last Comment
gberryman

8/22/2022 - Mon
Ivan

Hi,

have you tried to restart IIS service?  cmd> iisreset /noforce (or /force)

Regards,
Simon Butler (Sembee)

You should be able to open the SSL certificate when you get that prompt.
Is the right certificate being presented to the client?

Have you removed the old certificate?

Simon.
Jasvindar Singh

I hope when you try to access OWA over HTTPS - You are not getting certificate error.
Try clearing all the entries in Store Manager on Client machines.
Go to Run => Control Keymgr.dll  (press enter)

It contains stale entries and its safe to remove.
This is the best money I have ever spent. I cannot not tell you how many times these folks have saved my bacon. I learn so much from the contributors.
rwheeler23
gberryman

ASKER
Thank You I will try restarting IIS and post the results.
gberryman

ASKER
I restarted IIS and now no certificate errors but now the mobile phone users can't connect. As well the http://mail.company.com works but https://mail.company.com does not. Not sure why the secure one no longer works.

Any Ideas?

Thanks for your time guys/girls
Ivan

Hi,

If you go to IIS, and select default web site, and go to bindings, is there SSL (https) binding?
Guess SSL cert is not bind for IIS..
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
gberryman

ASKER
Ill Check Thank You
Simon Butler (Sembee)

As this is Exchange 2007, you should really do it through EMS.

get-exchangecertificate

ensure that W (for web) is enabled. If not, then you will need to enable it using

enable-exchangecertificate

Simon.
gberryman

ASKER
When I enabled the cert I looked at my documentation and did not include IIS service. I used Enable-ExchangeCertificate (-Thumbprint) -Services "SMTP". Is this the reason my https and mobile connections are not working?
Your help has saved me hundreds of hours of internet surfing.
fblack61
gberryman

ASKER
If a service is not enabled during the initial enable-exchangecertificate command can I add a service to the existing certificate or do I need to start from scratch with new csr and new certificate?
Simon Butler (Sembee)

You can run the enable command at any time. You do not need to create a new certificate request.

Simon.
gberryman

ASKER
When I tried to enable it said it already exists.
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
Simon Butler (Sembee)

If you run get-exchangecertificate it will show you the certificate and the services that are enabled for it.
Then run this command:

enable-exchangecertificate -thumbprint xxxxxxx -services iis, pop, smtp, imap

Changing XXXX to match the thumbprint.

Simon.
gberryman

ASKER
Thank you Simon, will this require a restart of IIS as well? Also i read that I shouldn't be adding services I'm not using. Is there any reason why adding unused services is not recommended?
ASKER CERTIFIED SOLUTION
Simon Butler (Sembee)

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question
gberryman

ASKER
Thank you simon worked
All of life is about relationships, and EE has made a viirtual community a real community. It lifts everyone's boat
William Peck