SBS Certificate Error

Hi,

When my users are logging onto either OWA or outlook, they are getting an error which indicates a GoDaddy Certificate has expired. Do I have to buy a new certificate and install it or is there a way of self signing a certificate?

Thanks
SycamoreIT
SycamoreITAsked:
Who is Participating?
 
David AtkinConnect With a Mentor Technical DirectorCommented:
No they shouldn't need to.  Can you re-check the certificate and confirm if its still the trusted one?
0
 
Muhammad MullaConnect With a Mentor Commented:
There are ways of installing self-signed certs on SBS, but it is better and more secure to purchase/renew  an external cert.

https://blogs.technet.microsoft.com/sbs/2008/09/20/introducing-the-add-a-trusted-certificate-wizard-in-sbs-2008/

Or if you really want to go self-signed:

http://serverfault.com/questions/526221/renewing-sbs2011-exchange-self-signed-certificate-w-o-changing-home-page-in-ie
0
 
SycamoreITAuthor Commented:
Im getting this -

[PS] C:\Windows\system32>Get-ExchangeCertificate A2170B014BF7B6064D3829D8A2A81A0E5D760131 | New-ExchangeCertificate |
able-ExchangeCertificate -services pop,imap,smtp,iis
WARNING: This certificate will not be used for external TLS connections with an FQDN of 'mail.company.com' because the
CA-signed certificate with thumbprint 'A2170B014BF7B6064D3829D8A2A81A0E5D760131' takes precedence. The following
receive/send connectors match that FQDN: Windows SBS Internet Receive SBS2011.

Confirm
Overwrite the existing default SMTP certificate?

Current certificate: 'D795186EFE726A43E99F4DF11C6CB6F512BD442D' (expires 22/10/2020 14:16:29)
Replace it with certificate: 'F66776444892DE0AF4FB12CF46250400381090C1' (expires 22/08/2021 15:07:27)
[Y] Yes  [A] Yes to All  [N] No  [L] No to All  [?] Help (default is "Y"):

I dont think its the right certificate?
0
Improved Protection from Phishing Attacks

WatchGuard DNSWatch reduces malware infections by detecting and blocking malicious DNS requests, improving your ability to protect employees from phishing attacks. Learn more about our newest service included in Total Security Suite today!

 
SycamoreITAuthor Commented:
Odd, Ive checked all my certificates and none of them are expired?
0
 
David AtkinTechnical DirectorCommented:
Once you purchase the new certificate you will need to add it via the SBS Console using the Add a Trusted Certificate wizard.  Follow the instructions on screen - Its straight forward.

Adding it via the console will configure Exchange, IIS and the Remote Access Gateway.

Edit:
If it doesn't look like its expired then run the Fix My Network wizard to see if it finds any certificate errors.
0
 
SycamoreITAuthor Commented:
Ive ran the Fix my Network and it offered to fix the cert which is reported back it did succesfully. Still got users complaining they cannot pickup their emails on there phones (mixture of driod/ios) - do they need to remove and add the account back in on there phones?
0
 
SycamoreITAuthor Commented:
Thank you both. All sorted.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.