Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

SBS Certificate Error

Posted on 2016-08-22
7
Medium Priority
?
75 Views
Last Modified: 2016-08-23
Hi,

When my users are logging onto either OWA or outlook, they are getting an error which indicates a GoDaddy Certificate has expired. Do I have to buy a new certificate and install it or is there a way of self signing a certificate?

Thanks
SycamoreIT
0
Comment
Question by:SycamoreIT
  • 4
  • 2
7 Comments
 
LVL 10

Assisted Solution

by:Muhammad Mulla
Muhammad Mulla earned 1000 total points
ID: 41765146
There are ways of installing self-signed certs on SBS, but it is better and more secure to purchase/renew  an external cert.

https://blogs.technet.microsoft.com/sbs/2008/09/20/introducing-the-add-a-trusted-certificate-wizard-in-sbs-2008/

Or if you really want to go self-signed:

http://serverfault.com/questions/526221/renewing-sbs2011-exchange-self-signed-certificate-w-o-changing-home-page-in-ie
0
 

Author Comment

by:SycamoreIT
ID: 41765337
Im getting this -

[PS] C:\Windows\system32>Get-ExchangeCertificate A2170B014BF7B6064D3829D8A2A81A0E5D760131 | New-ExchangeCertificate |
able-ExchangeCertificate -services pop,imap,smtp,iis
WARNING: This certificate will not be used for external TLS connections with an FQDN of 'mail.company.com' because the
CA-signed certificate with thumbprint 'A2170B014BF7B6064D3829D8A2A81A0E5D760131' takes precedence. The following
receive/send connectors match that FQDN: Windows SBS Internet Receive SBS2011.

Confirm
Overwrite the existing default SMTP certificate?

Current certificate: 'D795186EFE726A43E99F4DF11C6CB6F512BD442D' (expires 22/10/2020 14:16:29)
Replace it with certificate: 'F66776444892DE0AF4FB12CF46250400381090C1' (expires 22/08/2021 15:07:27)
[Y] Yes  [A] Yes to All  [N] No  [L] No to All  [?] Help (default is "Y"):

I dont think its the right certificate?
0
 

Author Comment

by:SycamoreIT
ID: 41765476
Odd, Ive checked all my certificates and none of them are expired?
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
LVL 22

Expert Comment

by:David Atkin
ID: 41766456
Once you purchase the new certificate you will need to add it via the SBS Console using the Add a Trusted Certificate wizard.  Follow the instructions on screen - Its straight forward.

Adding it via the console will configure Exchange, IIS and the Remote Access Gateway.

Edit:
If it doesn't look like its expired then run the Fix My Network wizard to see if it finds any certificate errors.
0
 

Author Comment

by:SycamoreIT
ID: 41766706
Ive ran the Fix my Network and it offered to fix the cert which is reported back it did succesfully. Still got users complaining they cannot pickup their emails on there phones (mixture of driod/ios) - do they need to remove and add the account back in on there phones?
0
 
LVL 22

Accepted Solution

by:
David Atkin earned 1000 total points
ID: 41767047
No they shouldn't need to.  Can you re-check the certificate and confirm if its still the trusted one?
0
 

Author Closing Comment

by:SycamoreIT
ID: 41767145
Thank you both. All sorted.
0

Featured Post

Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

You finally migrated Public Folders to Office 365, decommissioned the Public Folder mailbox database and since then, when you send an email from on-premise to mail-enabled Public Folders, you get the following error: "Misconfigured public folder mai…
In this article, I will demonstrate that how to do a PST migration from Exchange Server to Office 365. This method allows importing one single PST, or multiple PST's at once.
how to add IIS SMTP to handle application/Scanner relays into office 365.
This video shows how to quickly and easily deploy an email signature for all users in Office 365 and prevent it from being added to replies and forwards. (the resulting signature is applied on the server level in Exchange Online) The email signat…
Suggested Courses
Course of the Month12 days, 10 hours left to enroll

580 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question