Solved

SBS Certificate Error

Posted on 2016-08-22
7
52 Views
Last Modified: 2016-08-23
Hi,

When my users are logging onto either OWA or outlook, they are getting an error which indicates a GoDaddy Certificate has expired. Do I have to buy a new certificate and install it or is there a way of self signing a certificate?

Thanks
SycamoreIT
0
Comment
Question by:SycamoreIT
  • 4
  • 2
7 Comments
 
LVL 10

Assisted Solution

by:Muhammad Mulla
Muhammad Mulla earned 250 total points
ID: 41765146
There are ways of installing self-signed certs on SBS, but it is better and more secure to purchase/renew  an external cert.

https://blogs.technet.microsoft.com/sbs/2008/09/20/introducing-the-add-a-trusted-certificate-wizard-in-sbs-2008/

Or if you really want to go self-signed:

http://serverfault.com/questions/526221/renewing-sbs2011-exchange-self-signed-certificate-w-o-changing-home-page-in-ie
0
 

Author Comment

by:SycamoreIT
ID: 41765337
Im getting this -

[PS] C:\Windows\system32>Get-ExchangeCertificate A2170B014BF7B6064D3829D8A2A81A0E5D760131 | New-ExchangeCertificate |
able-ExchangeCertificate -services pop,imap,smtp,iis
WARNING: This certificate will not be used for external TLS connections with an FQDN of 'mail.company.com' because the
CA-signed certificate with thumbprint 'A2170B014BF7B6064D3829D8A2A81A0E5D760131' takes precedence. The following
receive/send connectors match that FQDN: Windows SBS Internet Receive SBS2011.

Confirm
Overwrite the existing default SMTP certificate?

Current certificate: 'D795186EFE726A43E99F4DF11C6CB6F512BD442D' (expires 22/10/2020 14:16:29)
Replace it with certificate: 'F66776444892DE0AF4FB12CF46250400381090C1' (expires 22/08/2021 15:07:27)
[Y] Yes  [A] Yes to All  [N] No  [L] No to All  [?] Help (default is "Y"):

I dont think its the right certificate?
0
 

Author Comment

by:SycamoreIT
ID: 41765476
Odd, Ive checked all my certificates and none of them are expired?
0
Network it in WD Red

There's an industry-leading WD Red drive for every compatible NAS system to help fulfill your data storage needs. With drives up to 8TB, WD Red offers a wide array of solutions for customers looking to build the biggest, best-performing NAS storage solution.  

 
LVL 22

Expert Comment

by:David Atkin
ID: 41766456
Once you purchase the new certificate you will need to add it via the SBS Console using the Add a Trusted Certificate wizard.  Follow the instructions on screen - Its straight forward.

Adding it via the console will configure Exchange, IIS and the Remote Access Gateway.

Edit:
If it doesn't look like its expired then run the Fix My Network wizard to see if it finds any certificate errors.
0
 

Author Comment

by:SycamoreIT
ID: 41766706
Ive ran the Fix my Network and it offered to fix the cert which is reported back it did succesfully. Still got users complaining they cannot pickup their emails on there phones (mixture of driod/ios) - do they need to remove and add the account back in on there phones?
0
 
LVL 22

Accepted Solution

by:
David Atkin earned 250 total points
ID: 41767047
No they shouldn't need to.  Can you re-check the certificate and confirm if its still the trusted one?
0
 

Author Closing Comment

by:SycamoreIT
ID: 41767145
Thank you both. All sorted.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article explains in simple steps how to renew expiring Exchange Server Internal Transport Certificate.
Learn to move / copy / export exchange contacts to iPhone without using any software. Also see the issues in configuration of exchange with iPhone to migrate contacts.
In this video we show how to create an Address List in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Organization >> Ad…
how to add IIS SMTP to handle application/Scanner relays into office 365.

867 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now