Issues with invalid certificate error on client outlook
-
Monday, June 18, 2012 8:27 AM
I can't determine where the error is. any help is much appreciated.
The client gets a autodiscover.femcare-nikomed.co.uk , name on certificate is invalid issuer cn Femcare-Nikomed, dc femcare, dc co, dc uk
The exchange shell cetlog.txt follows
AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System
.Security.AccessControl.CryptoKeyAccessRule, System.Securi
ty.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {ares.femcare-nikomed.co.uk}
HasPrivateKey : True
IsSelfSigned : True
Issuer : C=gb, S=Hampshire, L=Romsey, O=Femcare-Nikomed, OU=Romsey,
CN=ares.femcare-nikomed.co.uk
NotAfter : 22/05/2017 21:50:04
NotBefore : 22/05/2012 21:50:04
PublicKeySize : 1024
RootCAType : None
SerialNumber : F7A488AACF6605A14CE72094FE02BF1F
Services : IMAP, POP, IIS, SMTP
Status : Valid
Subject : C=gb, S=Hampshire, L=Romsey, O=Femcare-Nikomed, OU=Romsey,
CN=ares.femcare-nikomed.co.uk
Thumbprint : 9826E5D11C90825EF84FD2FAEDB8F0481CBF65D2AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System
.Security.AccessControl.CryptoKeyAccessRule, System.Securi
ty.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {ares.femcare-nikomed.co.uk}
HasPrivateKey : True
IsSelfSigned : False
Issuer : CN=Femcare-Nikomed, DC=femcare, DC=co, DC=uk
NotAfter : 26/03/2014 11:18:03
NotBefore : 16/05/2012 14:55:37
PublicKeySize : 1024
RootCAType : Registry
SerialNumber : 192C700300000000000B
Services : IMAP, POP, IIS, SMTP
Status : Valid
Subject : CN=ares.femcare-nikomed.co.uk, OU=Romsey, O=Femcare-Nikome
d, L=Romsey, S=Hampshire, C=gb
Thumbprint : CB3806CE64F4134C2FAE9C7DBE12F256F485F775AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System
.Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {mail.femcare-nikomed.co.uk}
HasPrivateKey : True
IsSelfSigned : False
Issuer : CN=RapidSSL CA, O="GeoTrust, Inc.", C=US
NotAfter : 24/03/2013 05:43:24
NotBefore : 20/02/2012 13:44:14
PublicKeySize : 2048
RootCAType : ThirdParty
SerialNumber : 05493B
Services : IIS
Status : Valid
Subject : CN=mail.femcare-nikomed.co.uk, OU=Domain Control Validated
- RapidSSL(R), OU=See www.rapidssl.com/resources/cps (c)1
2, OU=GT59308005, O=mail.femcare-nikomed.co.uk, C=GB, SERI
ALNUMBER=cs//FuIxSNFbZ8LyuxAZWtpquohVfczS
Thumbprint : 482F6064DEDE363D169CE88C13F2C5FE2C4D27F9AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System
.Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {ARES.femcare.co.uk}
HasPrivateKey : True
IsSelfSigned : False
Issuer : CN=Femcare-Nikomed, DC=femcare, DC=co, DC=uk
NotAfter : 19/11/2012 21:40:37
NotBefore : 20/11/2011 21:40:37
PublicKeySize : 1024
RootCAType : Registry
SerialNumber : 7E9D671F00000000000A
Services : None
Status : Valid
Subject : CN=ARES.femcare.co.uk
Thumbprint : B8463689ED35B4000F1F1DC809A6363599CF5190AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System
.Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {mail.femcare-nikomed.co.uk}
HasPrivateKey : True
IsSelfSigned : False
Issuer : CN=RapidSSL CA, O="GeoTrust, Inc.", C=US
NotAfter : 21/02/2012 07:40:22
NotBefore : 20/12/2010 11:19:26
PublicKeySize : 2048
RootCAType : ThirdParty
SerialNumber : 1D76
Services : None
Status : DateInvalid
Subject : CN=mail.femcare-nikomed.co.uk, OU=Domain Control Validated
- RapidSSL(R), OU=See www.rapidssl.com/resources/cps (c)1
0, OU=GT59308005, O=mail.femcare-nikomed.co.uk, C=GB, SERI
ALNUMBER=hBn/CTozLL37YxO9L7z-3ItKwLaia10k
Thumbprint : 02BEEE14A22C08C2FA2C984A5F63B8487911EBDAAccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System
.Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {launchpad.femcare-nikomed.co.uk}
HasPrivateKey : True
IsSelfSigned : False
Issuer : CN=Femcare-Nikomed, DC=femcare, DC=co, DC=uk
NotAfter : 09/11/2012 10:46:25
NotBefore : 10/11/2010 10:46:25
PublicKeySize : 2048
RootCAType : Registry
SerialNumber : 4371BB67000000000007
Services : None
Status : Valid
Subject : CN=launchpad.femcare-nikomed.co.uk, OU=External, O=Femcare
-Nikomed, L=Romsey, S=Hampshire, C=GB
Thumbprint : CD6DBF0A9E81D453D2F161AAF810B1028AAE4533AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System
.Security.AccessControl.CryptoKeyAccessRule, System.Securi
ty.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {ares.femcare-nikomed.co.uk, ares.femcare.co.uk, mail.femc
are-nikomed.co.uk, autodiscover.femcare-nikomed.co.uk, aut
odiscover.femcare.co.uk}
HasPrivateKey : True
IsSelfSigned : True
Issuer : CN=ares.femcare-nikomed.co.uk, OU=Romsey, O=Femcare-Nikome
d, L=Romsey, S=Hampshire, C=gb
NotAfter : 26/04/2011 11:41:00
NotBefore : 26/04/2010 11:41:00
PublicKeySize : 1024
RootCAType : Unknown
SerialNumber : CBC87B18BB6A63964A62088A7E0EC72D
Services : IMAP, POP, SMTP
Status : Invalid
Subject : CN=ares.femcare-nikomed.co.uk, OU=Romsey, O=Femcare-Nikome
d, L=Romsey, S=Hampshire, C=gb
Thumbprint : F2F1858E57CAEE582F3AA5CD3BCAF003D26DEC59AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System
.Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {mail.femcare-nikomed.co.uk}
HasPrivateKey : True
IsSelfSigned : False
Issuer : OU=Equifax Secure Certificate Authority, O=Equifax, C=US
NotAfter : 14/01/2011 02:56:53
NotBefore : 11/01/2010 22:04:48
PublicKeySize : 1024
RootCAType : ThirdParty
SerialNumber : 0EC677
Services : None
Status : DateInvalid
Subject : CN=mail.femcare-nikomed.co.uk, OU=Domain Control Validated
- RapidSSL(R), OU=See www.rapidssl.com/resources/cps (c)1
0, OU=GT59308005, O=mail.femcare-nikomed.co.uk, C=GB, SERI
ALNUMBER=0uV0sr-ft2ywODfXLpHQ-vf2DF9fW5ez
Thumbprint : 1E4A1EA4C52A6430085DEE9AEF23114966D041A2AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System
.Security.AccessControl.CryptoKeyAccessRule, System.Securi
ty.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {ARES, ARES.femcare.co.uk}
HasPrivateKey : True
IsSelfSigned : True
Issuer : CN=ARES
NotAfter : 28/05/2010 12:00:13
NotBefore : 28/05/2009 12:00:13
PublicKeySize : 2048
RootCAType : Unknown
SerialNumber : 770F64F90A029E934E86E3F6C39BA71C
Services : SMTP
Status : Invalid
Subject : CN=ARES
Thumbprint : DC65A98C1393250E3D42A19C431B4E7E7282D13CAccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System
.Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {Femcare-Nikomed}
HasPrivateKey : True
IsSelfSigned : True
Issuer : CN=Femcare-Nikomed, DC=femcare, DC=co, DC=uk
NotAfter : 26/03/2014 11:18:03
NotBefore : 26/03/2009 11:10:31
PublicKeySize : 2048
RootCAType : Registry
SerialNumber : 1BFD911AE6307B87412AE657B0E46D95
Services : None
Status : Valid
Subject : CN=Femcare-Nikomed, DC=femcare, DC=co, DC=uk
Thumbprint : B74C4536600BF813A2EA2548637241AD57EAE0FDAccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System
.Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {ARES}
HasPrivateKey : True
IsSelfSigned : True
Issuer : OID.1.2.840.113549.1.9.2=fbdd1c6c1c8e7f4564d7761726520496e
632e, CN=ARES, E=ssl-sertificates@vmware.com, OU=Applicati
ons, O="VMware, Inc.", L=Palo Alto, S=California, C=US
NotAfter : 13/04/2011 11:07:56
NotBefore : 17/07/2008 11:07:56
PublicKeySize : 1024
RootCAType : Unknown
SerialNumber : 0088DB3551BE0CFA12
Services : IIS
Status : Invalid
Subject : OID.1.2.840.113549.1.9.2=fbdd1c6c1c8e7f4564d7761726520496e
632e, CN=ARES, E=ssl-sertificates@vmware.com, OU=Applicati
ons, O="VMware, Inc.", L=Palo Alto, S=California, C=US
Thumbprint : 8C6CDE5095BACF10536474B2B211FC73DED9B09AAccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System
.Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {mail.femcare-nikomed.co.uk, autodiscover.femcare-nikomed.
co.uk, ares, ares.femcare.co.uk}
HasPrivateKey : True
IsSelfSigned : False
Issuer : CN=Femcare Ltd, DC=femcare, DC=co, DC=uk
NotAfter : 09/04/2010 13:14:47
NotBefore : 01/06/2008 21:00:36
PublicKeySize : 1024
RootCAType : Enterprise
SerialNumber : 112D94F4000000000013
Services : None
Status : DateInvalid
Subject : CN=mail.femcare-nikomed.co.uk, O=Femcare-Nikomed, L=Romsey
, S=Hampshire, C=GB
Thumbprint : 26893A36EB17E42DDE374AE1278ED9374409A857AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System
.Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {mail.femcare-nikomed.co.uk, ares, ares.femcare.co.uk, aut
discover.femcare-nikomed.co.uk}
HasPrivateKey : True
IsSelfSigned : False
Issuer : CN=Femcare Ltd, DC=femcare, DC=co, DC=uk
NotAfter : 09/04/2010 13:14:47
NotBefore : 01/06/2008 14:33:11
PublicKeySize : 1024
RootCAType : Enterprise
SerialNumber : 147D80A4000000000012
Services : None
Status : DateInvalid
Subject : CN=mail.femcare-nikomed.co.uk, O=Femcare-Nikomed Ltd, L=Ro
msey, S=Hampshire, C=GB
Thumbprint : C7B055048F8B42BC990276BEC098F523055A4B7EAccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System
.Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {mail.femcare-nikomed.co.uk}
HasPrivateKey : True
IsSelfSigned : False
Issuer : CN=Femcare Ltd, DC=femcare, DC=co, DC=uk
NotAfter : 26/03/2010 10:14:41
NotBefore : 26/03/2008 10:14:41
PublicKeySize : 1024
RootCAType : Enterprise
SerialNumber : 23DABB19000000000010
Services : None
Status : DateInvalid
Subject : CN=mail.femcare-nikomed.co.uk, OU=Romsey, O=Femcare-Nikome
d, L=Romsey, S=Hampshire, C=GB
Thumbprint : C99ABF0CFE861AA03F431A09E90232DE0E9EF2CA
All Replies
-
Monday, June 18, 2012 9:24 AM
As far as I can tell:
CertificateDomains : {ares.femcare-nikomed.co.uk, ares.femcare.co.uk, mail.femc
are-nikomed.co.uk, autodiscover.femcare-nikomed.co.uk, aut
odiscover.femcare.co.uk}
HasPrivateKey : True
IsSelfSigned : TrueThat part shows the problem. Since you included the domainname I checked from my client as well, your owa (https://mail.femcare-nikomed.co.uk/owa) shows a valid, geotrust certificate, but going to autodiscover presents me with a selfsigned certificate. Autodiscover should be added as a alternate name to your certificate to get rid of the errors.
- Proposed As Answer by Martina_MiskovicMicrosoft Community Contributor Monday, June 18, 2012 3:56 PM
- Marked As Answer by wendy_liuMicrosoft Contingent Staff, Moderator Tuesday, June 19, 2012 9:38 AM
-
Monday, June 18, 2012 10:01 AM
Thank you very much, it did fix the problem
Robert
.png)
