
Getting errors opening on-premises Exchange mailboxes after updating MS Exchange self-signed certificate.

John Water asked
Last Modified: 2020-03-10
I have an Exchange 2013 server on premises. I needed to update the self-signed Exchange certificate. I did so by going through the Exchange Admin Center, servers\Certificates. I then selected "Microsoft Exchange" in the list and then "Renew". It updated with no apparent problems. When I go to the webmail URL to open a mailbox on this server, I get the message "This CA Root certificate is not trusted. To enable trust, install this certificate in the Trusted Root Certification Authorities Store."

I can go to PS and enter Get-ExchangeCertificate on the server and I see the correct, newly updated, certificate.
I can go to MMC, Certificates, and do not see the newly updated Exchange Server certificate; I do, however, see the old one in the Trusted Root Certification Authorities\Certificates folder.

I believe if I can get the newly renewed certificate into the Trusted Root Certification Authorities certificates folder. I am sure how to get this done.

If anyone has any ideas how to correct the error I am getting, I would appreciate any/all input.

Saif Shaikh, Server engineer
CERTIFIED EXPERT

Commented:

Self-signed certificates are not trusted certs; you need a third-party SAN certificate for it to be trusted.


However, you can follow the steps below:


Install the certificate

On Microsoft Windows

  1. Open Microsoft Management Console (Start --> Run --> mmc.exe);
  2. Choose File --> Add/Remove Snap-in;
  3. In the Standalone tab, choose Add;
  4. Choose the Certificates snap-in, and click Add;
  5. In the wizard, choose the Computer Account, and then choose Local Computer. Press Finish to end the wizard;
  6. Close the Add/Remove Snap-in dialog;
  7. Navigate to Certificates (Local Computer)
  8. Choose a store to import:
    1. If you have the Root CA certificate for the company that issued the certificate, choose Trusted Root Certification Authorities;
    2. If you have the certificate for the server itself, choose Other People
  9. Right-click the store and choose All Tasks --> Import
  10. Follow the wizard and provide the certificate file you have;


If you are getting the trust error in the browser, then follow the steps below:


Right-click the “Internet Explorer” icon, then choose “Run as administrator” or just the application in “Internet Explorer”.

Visit the website, and choose the option to “Continue to this website (not recommended)”.

Click where it says “Certificate error” in the address bar, then choose “View certificates”.

Select “Install Certificate…”.

Select “Next”. Select the “Place all certificates in the following store” option. Select “Browse…”.

Choose “Trusted Root Certification Authorities”, then select “OK”.

Select “Yes” when prompted with the security warning.

Select “OK” on the “The import was successful” message. Select “OK” on the “Certificate” box.

Rerun the Applications.


The actual solution was to bind the self-signed certificate to the back-end IIS services.
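
A read-only check for the situation this thread describes, added here as an example and not posted by anyone in the thread: it compares the renewed certificate's thumbprint against the machine's Trusted Root store and against what each IIS HTTPS binding actually serves. It assumes an elevated Exchange Management Shell on the server, the friendly name "Microsoft Exchange" from the question, and the Exchange 2013 default site names "Default Web Site" and "Exchange Back End".

```powershell
# Added example (not from the thread). Read-only: changes nothing on the server.
# Assumptions: friendly name and IIS site names below match this installation.
Import-Module WebAdministration

$friendlyName = 'Microsoft Exchange'
$sites        = 'Default Web Site', 'Exchange Back End'

# 1. The renewed certificate: newest self-signed one with that friendly name.
$cert = Get-ExchangeCertificate |
    Where-Object { $_.IsSelfSigned -and $_.FriendlyName -eq $friendlyName } |
    Sort-Object NotAfter -Descending |
    Select-Object -First 1
if (-not $cert) { throw "No self-signed certificate named '$friendlyName' found." }
"Renewed certificate : $($cert.Thumbprint)"
"Expires             : $($cert.NotAfter)"
"Exchange services   : $($cert.Services)"

# 2. Is that exact thumbprint in the machine's Trusted Root store?
#    (The question reports only the old certificate being visible there.)
$inRoot = Test-Path "Cert:\LocalMachine\Root\$($cert.Thumbprint)"
"In LocalMachine\Root: $inRoot"

# 3. Which certificate is each HTTPS binding serving?
#    A renewal creates a new thumbprint; a binding can keep pointing at the old one.
foreach ($site in $sites) {
    foreach ($b in Get-WebBinding -Name $site -Protocol https) {
        $hash  = $b.certificateHash
        $state = if (-not $hash) {
                     'NO CERTIFICATE BOUND'
                 } elseif ($hash -eq $cert.Thumbprint) {
                     'renewed certificate'
                 } elseif (Test-Path "Cert:\LocalMachine\My\$hash") {
                     "different certificate ($hash)"
                 } else {
                     "STALE: $hash is no longer in LocalMachine\My"
                 }
        '{0,-18} {1,-10} {2}' -f $site, $b.bindingInformation, $state
    }
}
```

A front-end binding that reports a different certificate is normal when a third-party certificate is in use there; a back-end binding that reports no certificate or a stale one matches the fix the thread ends on, which is to select the renewed certificate on that binding in IIS Manager.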