SBS 2003 - Outlook Anywhere/HTTPS (Outlook 2010) renew certificate problems

Hi Experts,

The self-signed certificate created using the CEICW tool on our SBS 2003 expired on the weekend.  I tried running the CEICW tool with the following options:
1. Do not change connection type
2. Allow following web site services from internet (OWA, Outlook Mobile Access, Outlook via the Internet).
3. Create a new Web server certificate - domain name xxxxxx.yyyyyyyy.zzz
4. Do not change Internet e-mail configuration

The process succeeded.  However, on the client machine, I installed the new certificate in the Trusted Root Certification Authorities as I have done in the past and Outlook 2010 keeps giving me Error 8 (There is a problem with the proxy server's security certificate.  The security certificate is not from a trusted certifying authority.  Outlook is unable to connect to the proxy server xxxxxx.yyyyyyyy.zzz).  Even after installing the certificate, Internet Explorer keeps stating there is a problem with the certificate.

I am going to bring one of my old remote machines into the office later today to compare the old certificate on the client machine with the new certificate to see if any of those things could be my issue.

I look forward to any help you can provide and thanks in advance.
MixManMashAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Scott CSenior EngineerCommented:
The answer is in the message... "The security certificate is not from a trusted certifying authority.".  A self-signed cert is not from a trusted CA.

Self-signed certs are no longer supported over the internet.

You need to purchase a cert from GoDaddy, VeriSign or some other trusted CA and install it.
Scott CSenior EngineerCommented:
You also really need to retire the 2003 SBS.  It is no longer supported and hasn't been for over a year.

There are no more patches or updates being made.  

If you have an issue and need to call MS, all they are going to tell you is you need to upgrade.
MixManMashAuthor Commented:
Oh, I agree that SBS 2003 needs to be retired and we are going to be in the process of replacing it.

I didn't realize that self-signed certificates are no longer supported.  It's interesting because this was a non-issue until the certificate expired on the weekend.
Your Guide to Achieving IT Business Success

The IT Service Excellence Tool Kit has best practices to keep your clients happy and business booming. Inside, you’ll find everything you need to increase client satisfaction and retention, become more competitive, and increase your overall success.

Scott CSenior EngineerCommented:
Yes.  I work for an MSP and a lot of our customers have self-signed certs and I have been very busy lately replacing these with proper, trusted certs.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
MixManMashAuthor Commented:
Awesome.  Thank you very much Scott.
MixManMashAuthor Commented:
Very helpful and prompt response.  This helped me to solve my issue quickly.
Scott CSenior EngineerCommented:
Glad I could help.

Also, remember there isn't a direct upgrade path from Exchange 2003 to Exchange 2013/2016.

You will either have to migrate to Exchange 2010 then up from there or export mailboxes to .PSTs then import them into the new environment.

I'm doing one of those right now.  They are going from Exch 2007 to 2016.  Fun...fun....fun....
MixManMashAuthor Commented:
I'm so tired of hosting our own Exchange that we are going to Office 365.  For the 10 or so users that we have, I think it makes the most sense.  We don't have any formal IT department being a smaller organization, so I handle most of the IT stuff along with the other hats that I wear.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange

From novice to tech pro — start learning today.