SBS 2003 - Outlook Anywhere/HTTPS (Outlook 2010) renew certificate problems

MixManMash
MixManMash used Ask the Experts™
on
Hi Experts,

The self-signed certificate created using the CEICW tool on our SBS 2003 expired on the weekend.  I tried running the CEICW tool with the following options:
1. Do not change connection type
2. Allow following web site services from internet (OWA, Outlook Mobile Access, Outlook via the Internet).
3. Create a new Web server certificate - domain name xxxxxx.yyyyyyyy.zzz
4. Do not change Internet e-mail configuration

The process succeeded.  However, on the client machine, I installed the new certificate in the Trusted Root Certification Authorities as I have done in the past and Outlook 2010 keeps giving me Error 8 (There is a problem with the proxy server's security certificate.  The security certificate is not from a trusted certifying authority.  Outlook is unable to connect to the proxy server xxxxxx.yyyyyyyy.zzz).  Even after installing the certificate, Internet Explorer keeps stating there is a problem with the certificate.

I am going to bring one of my old remote machines into the office later today to compare the old certificate on the client machine with the new certificate to see if any of those things could be my issue.

I look forward to any help you can provide and thanks in advance.
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Scott CSenior Engineer

Commented:
The answer is in the message... "The security certificate is not from a trusted certifying authority.".  A self-signed cert is not from a trusted CA.

Self-signed certs are no longer supported over the internet.

You need to purchase a cert from GoDaddy, VeriSign or some other trusted CA and install it.
Scott CSenior Engineer

Commented:
You also really need to retire the 2003 SBS.  It is no longer supported and hasn't been for over a year.

There are no more patches or updates being made.  

If you have an issue and need to call MS, all they are going to tell you is you need to upgrade.

Author

Commented:
Oh, I agree that SBS 2003 needs to be retired and we are going to be in the process of replacing it.

I didn't realize that self-signed certificates are no longer supported.  It's interesting because this was a non-issue until the certificate expired on the weekend.
Ensure you’re charging the right price for your IT

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden using our free interactive tool and use it to determine the right price for your IT services. Start calculating Now!

Senior Engineer
Commented:
Yes.  I work for an MSP and a lot of our customers have self-signed certs and I have been very busy lately replacing these with proper, trusted certs.

Author

Commented:
Awesome.  Thank you very much Scott.

Author

Commented:
Very helpful and prompt response.  This helped me to solve my issue quickly.
Scott CSenior Engineer

Commented:
Glad I could help.

Also, remember there isn't a direct upgrade path from Exchange 2003 to Exchange 2013/2016.

You will either have to migrate to Exchange 2010 then up from there or export mailboxes to .PSTs then import them into the new environment.

I'm doing one of those right now.  They are going from Exch 2007 to 2016.  Fun...fun....fun....

Author

Commented:
I'm so tired of hosting our own Exchange that we are going to Office 365.  For the 10 or so users that we have, I think it makes the most sense.  We don't have any formal IT department being a smaller organization, so I handle most of the IT stuff along with the other hats that I wear.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial