Solved

SBS Certificate Error

Posted on 2016-08-22
7
65 Views
Last Modified: 2016-08-23
Hi,

When my users are logging onto either OWA or outlook, they are getting an error which indicates a GoDaddy Certificate has expired. Do I have to buy a new certificate and install it or is there a way of self signing a certificate?

Thanks
SycamoreIT
0
Comment
Question by:SycamoreIT
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
7 Comments
 
LVL 10

Assisted Solution

by:Muhammad Mulla
Muhammad Mulla earned 250 total points
ID: 41765146
There are ways of installing self-signed certs on SBS, but it is better and more secure to purchase/renew  an external cert.

https://blogs.technet.microsoft.com/sbs/2008/09/20/introducing-the-add-a-trusted-certificate-wizard-in-sbs-2008/

Or if you really want to go self-signed:

http://serverfault.com/questions/526221/renewing-sbs2011-exchange-self-signed-certificate-w-o-changing-home-page-in-ie
0
 

Author Comment

by:SycamoreIT
ID: 41765337
Im getting this -

[PS] C:\Windows\system32>Get-ExchangeCertificate A2170B014BF7B6064D3829D8A2A81A0E5D760131 | New-ExchangeCertificate |
able-ExchangeCertificate -services pop,imap,smtp,iis
WARNING: This certificate will not be used for external TLS connections with an FQDN of 'mail.company.com' because the
CA-signed certificate with thumbprint 'A2170B014BF7B6064D3829D8A2A81A0E5D760131' takes precedence. The following
receive/send connectors match that FQDN: Windows SBS Internet Receive SBS2011.

Confirm
Overwrite the existing default SMTP certificate?

Current certificate: 'D795186EFE726A43E99F4DF11C6CB6F512BD442D' (expires 22/10/2020 14:16:29)
Replace it with certificate: 'F66776444892DE0AF4FB12CF46250400381090C1' (expires 22/08/2021 15:07:27)
[Y] Yes  [A] Yes to All  [N] No  [L] No to All  [?] Help (default is "Y"):

I dont think its the right certificate?
0
 

Author Comment

by:SycamoreIT
ID: 41765476
Odd, Ive checked all my certificates and none of them are expired?
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
LVL 22

Expert Comment

by:David Atkin
ID: 41766456
Once you purchase the new certificate you will need to add it via the SBS Console using the Add a Trusted Certificate wizard.  Follow the instructions on screen - Its straight forward.

Adding it via the console will configure Exchange, IIS and the Remote Access Gateway.

Edit:
If it doesn't look like its expired then run the Fix My Network wizard to see if it finds any certificate errors.
0
 

Author Comment

by:SycamoreIT
ID: 41766706
Ive ran the Fix my Network and it offered to fix the cert which is reported back it did succesfully. Still got users complaining they cannot pickup their emails on there phones (mixture of driod/ios) - do they need to remove and add the account back in on there phones?
0
 
LVL 22

Accepted Solution

by:
David Atkin earned 250 total points
ID: 41767047
No they shouldn't need to.  Can you re-check the certificate and confirm if its still the trusted one?
0
 

Author Closing Comment

by:SycamoreIT
ID: 41767145
Thank you both. All sorted.
0

Featured Post

Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

There are times when we need to generate a report on the inbox rules, where users have set up forwarding externally in their mailbox. In this article, I will be sharing a script I wrote to generate the report in CSV format.
A couple of months ago we ran into an issue that necessitated re-creating our Edge Subscriptions. However, when we attempted to execute the command: New-EdgeSubscription -filename C:\NewEdgeSub_01.xml we received an error indicating that the LDAP se…
This Experts Exchange video Micro Tutorial shows how to tell Microsoft Office that a word is NOT spelled correctly. Microsoft Office has a built-in, main dictionary that is shared by Office apps, including Excel, Outlook, PowerPoint, and Word. When …
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…
Suggested Courses

632 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question