Getting (Proxy server's security certificate) errors 18 and 10
Hello experts,
We have installed a new Exchange 2013 on a new Win 2012 server. The older exchange is 2010 on a Win 2008R2 server.
We plan to uninstall old Exchange 2010 later, right now we have all mailboxes migrated to the new exchange.
Now both mobile app access and owa are working well. We have the issue only with desktop Outlook. For few users only it's working well, for almost 90% of users they are receiving the famous message:
There is a problem with the proxy server's security certificate. The security certificate is not from a trusted certifying authority. Outlook is unable to connect to the proxy server mail.ourdomain.com. (Error code 18).
BTW, we don't have any signed certificate, but only using self-signed ones which are setup automatically upon installation of Exchange.
Any help solving this?
We have installed a new Exchange 2013 on a new Win 2012 server. The older exchange is 2010 on a Win 2008R2 server.
We plan to uninstall old Exchange 2010 later, right now we have all mailboxes migrated to the new exchange.
Now both mobile app access and owa are working well. We have the issue only with desktop Outlook. For few users only it's working well, for almost 90% of users they are receiving the famous message:
There is a problem with the proxy server's security certificate. The security certificate is not from a trusted certifying authority. Outlook is unable to connect to the proxy server mail.ourdomain.com. (Error code 18).
BTW, we don't have any signed certificate, but only using self-signed ones which are setup automatically upon installation of Exchange.
Any help solving this?
Do more with
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
The answer is in the error you provided:
"The security certificate is not from a trusted certifying authority"
If you're using a self-signed cert you should get used to this error. Purchase a UCC cert from a 3rd party CA like GoDaddy and include autodiscover and mail/owa/email/exchange or whatever you plan on using as the default.
https://www.godaddy.com/web-security/ssl-certificate
"The security certificate is not from a trusted certifying authority"
If you're using a self-signed cert you should get used to this error. Purchase a UCC cert from a 3rd party CA like GoDaddy and include autodiscover and mail/owa/email/exchange or whatever you plan on using as the default.
https://www.godaddy.com/web-security/ssl-certificate
What about cheaper options like this:
https://www.sslcertificate.com/lp/5.99-essentialssl-sale.html?gclid=Cj0KEQjwkeiwBRCzmo-wiKL49pEBEiQAhvGKYT12RV6LLhNoqMhIqoGJxb_IxNNoL_jH1QuhMo3uPdsaAlPm8P8HAQ
Do they offer what we need?
https://www.sslcertificate.com/lp/5.99-essentialssl-sale.html?gclid=Cj0KEQjwkeiwBRCzmo-wiKL49pEBEiQAhvGKYT12RV6LLhNoqMhIqoGJxb_IxNNoL_jH1QuhMo3uPdsaAlPm8P8HAQ
Do they offer what we need?
You cannot add internal names in your 3rd party certificate in the near future.
if you are looking for a cheap certificate buy from namecheap.com
if you are looking for a cheap certificate buy from namecheap.com
No you specifically need a UCC cert to cover multiple domains - autodiscover.domain.com and (for instance) mail.domain.com. You don't technically require autodiscover subdomain if you're using SRV records for Autodiscover so you might actually be able to get away with a non-UCC cert. However, do you really want to paint yourself into a corner by only covering mail.domain.com when the difference is ~$100/yr?
Your only other option would be to configure an Enterprise Certificate Authority in your Active Directory domain and issue certs using that. Note this will work for OWA but not Outlook if you plan on using it off your corporate network. The self-signed cert that comes pre-installed is fine for server auth internally, but not nearly secure enough for client authentication.
Your only other option would be to configure an Enterprise Certificate Authority in your Active Directory domain and issue certs using that. Note this will work for OWA but not Outlook if you plan on using it off your corporate network. The self-signed cert that comes pre-installed is fine for server auth internally, but not nearly secure enough for client authentication.
Premium Content
You need an Expert Office subscription to comment.Start Free Trial