Issues with invalid certificate error on client Outlook

    Question

  • I can't determine where the error is. Any help is much appreciated.

    The client gets: autodiscover.femcare-nikomed.co.uk, name on certificate is invalid, issuer cn Femcare-Nikomed, dc femcare, dc co, dc uk.

    The Exchange shell cetlog.txt follows:

    AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                         .Security.AccessControl.CryptoKeyAccessRule, System.Securi
                         ty.AccessControl.CryptoKeyAccessRule}
    CertificateDomains : {ares.femcare-nikomed.co.uk}
    HasPrivateKey      : True
    IsSelfSigned       : True
    Issuer             : C=gb, S=Hampshire, L=Romsey, O=Femcare-Nikomed, OU=Romsey,
                          CN=ares.femcare-nikomed.co.uk
    NotAfter           : 22/05/2017 21:50:04
    NotBefore          : 22/05/2012 21:50:04
    PublicKeySize      : 1024
    RootCAType         : None
    SerialNumber       : F7A488AACF6605A14CE72094FE02BF1F
    Services           : IMAP, POP, IIS, SMTP
    Status             : Valid
    Subject            : C=gb, S=Hampshire, L=Romsey, O=Femcare-Nikomed, OU=Romsey,
                          CN=ares.femcare-nikomed.co.uk
    Thumbprint         : 9826E5D11C90825EF84FD2FAEDB8F0481CBF65D2

    AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                         .Security.AccessControl.CryptoKeyAccessRule, System.Securi
                         ty.AccessControl.CryptoKeyAccessRule}
    CertificateDomains : {ares.femcare-nikomed.co.uk}
    HasPrivateKey      : True
    IsSelfSigned       : False
    Issuer             : CN=Femcare-Nikomed, DC=femcare, DC=co, DC=uk
    NotAfter           : 26/03/2014 11:18:03
    NotBefore          : 16/05/2012 14:55:37
    PublicKeySize      : 1024
    RootCAType         : Registry
    SerialNumber       : 192C700300000000000B
    Services           : IMAP, POP, IIS, SMTP
    Status             : Valid
    Subject            : CN=ares.femcare-nikomed.co.uk, OU=Romsey, O=Femcare-Nikome
                         d, L=Romsey, S=Hampshire, C=gb
    Thumbprint         : CB3806CE64F4134C2FAE9C7DBE12F256F485F775

    AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                         .Security.AccessControl.CryptoKeyAccessRule}
    CertificateDomains : {mail.femcare-nikomed.co.uk}
    HasPrivateKey      : True
    IsSelfSigned       : False
    Issuer             : CN=RapidSSL CA, O="GeoTrust, Inc.", C=US
    NotAfter           : 24/03/2013 05:43:24
    NotBefore          : 20/02/2012 13:44:14
    PublicKeySize      : 2048
    RootCAType         : ThirdParty
    SerialNumber       : 05493B
    Services           : IIS
    Status             : Valid
    Subject            : CN=mail.femcare-nikomed.co.uk, OU=Domain Control Validated
                          - RapidSSL(R), OU=See www.rapidssl.com/resources/cps (c)1
                         2, OU=GT59308005, O=mail.femcare-nikomed.co.uk, C=GB, SERI
                         ALNUMBER=cs//FuIxSNFbZ8LyuxAZWtpquohVfczS
    Thumbprint         : 482F6064DEDE363D169CE88C13F2C5FE2C4D27F9

    AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                         .Security.AccessControl.CryptoKeyAccessRule}
    CertificateDomains : {ARES.femcare.co.uk}
    HasPrivateKey      : True
    IsSelfSigned       : False
    Issuer             : CN=Femcare-Nikomed, DC=femcare, DC=co, DC=uk
    NotAfter           : 19/11/2012 21:40:37
    NotBefore          : 20/11/2011 21:40:37
    PublicKeySize      : 1024
    RootCAType         : Registry
    SerialNumber       : 7E9D671F00000000000A
    Services           : None
    Status             : Valid
    Subject            : CN=ARES.femcare.co.uk
    Thumbprint         : B8463689ED35B4000F1F1DC809A6363599CF5190

    AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                         .Security.AccessControl.CryptoKeyAccessRule}
    CertificateDomains : {mail.femcare-nikomed.co.uk}
    HasPrivateKey      : True
    IsSelfSigned       : False
    Issuer             : CN=RapidSSL CA, O="GeoTrust, Inc.", C=US
    NotAfter           : 21/02/2012 07:40:22
    NotBefore          : 20/12/2010 11:19:26
    PublicKeySize      : 2048
    RootCAType         : ThirdParty
    SerialNumber       : 1D76
    Services           : None
    Status             : DateInvalid
    Subject            : CN=mail.femcare-nikomed.co.uk, OU=Domain Control Validated
                          - RapidSSL(R), OU=See www.rapidssl.com/resources/cps (c)1
                         0, OU=GT59308005, O=mail.femcare-nikomed.co.uk, C=GB, SERI
                         ALNUMBER=hBn/CTozLL37YxO9L7z-3ItKwLaia10k
    Thumbprint         : 02BEEE14A22C08C2FA2C984A5F63B8487911EBDA

    AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                         .Security.AccessControl.CryptoKeyAccessRule}
    CertificateDomains : {launchpad.femcare-nikomed.co.uk}
    HasPrivateKey      : True
    IsSelfSigned       : False
    Issuer             : CN=Femcare-Nikomed, DC=femcare, DC=co, DC=uk
    NotAfter           : 09/11/2012 10:46:25
    NotBefore          : 10/11/2010 10:46:25
    PublicKeySize      : 2048
    RootCAType         : Registry
    SerialNumber       : 4371BB67000000000007
    Services           : None
    Status             : Valid
    Subject            : CN=launchpad.femcare-nikomed.co.uk, OU=External, O=Femcare
                         -Nikomed, L=Romsey, S=Hampshire, C=GB
    Thumbprint         : CD6DBF0A9E81D453D2F161AAF810B1028AAE4533

    AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                         .Security.AccessControl.CryptoKeyAccessRule, System.Securi
                         ty.AccessControl.CryptoKeyAccessRule}
    CertificateDomains : {ares.femcare-nikomed.co.uk, ares.femcare.co.uk, mail.femc
                         are-nikomed.co.uk, autodiscover.femcare-nikomed.co.uk, aut
                         odiscover.femcare.co.uk}
    HasPrivateKey      : True
    IsSelfSigned       : True
    Issuer             : CN=ares.femcare-nikomed.co.uk, OU=Romsey, O=Femcare-Nikome
                         d, L=Romsey, S=Hampshire, C=gb
    NotAfter           : 26/04/2011 11:41:00
    NotBefore          : 26/04/2010 11:41:00
    PublicKeySize      : 1024
    RootCAType         : Unknown
    SerialNumber       : CBC87B18BB6A63964A62088A7E0EC72D
    Services           : IMAP, POP, SMTP
    Status             : Invalid
    Subject            : CN=ares.femcare-nikomed.co.uk, OU=Romsey, O=Femcare-Nikome
                         d, L=Romsey, S=Hampshire, C=gb
    Thumbprint         : F2F1858E57CAEE582F3AA5CD3BCAF003D26DEC59

    AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                         .Security.AccessControl.CryptoKeyAccessRule}
    CertificateDomains : {mail.femcare-nikomed.co.uk}
    HasPrivateKey      : True
    IsSelfSigned       : False
    Issuer             : OU=Equifax Secure Certificate Authority, O=Equifax, C=US
    NotAfter           : 14/01/2011 02:56:53
    NotBefore          : 11/01/2010 22:04:48
    PublicKeySize      : 1024
    RootCAType         : ThirdParty
    SerialNumber       : 0EC677
    Services           : None
    Status             : DateInvalid
    Subject            : CN=mail.femcare-nikomed.co.uk, OU=Domain Control Validated
                          - RapidSSL(R), OU=See www.rapidssl.com/resources/cps (c)1
                         0, OU=GT59308005, O=mail.femcare-nikomed.co.uk, C=GB, SERI
                         ALNUMBER=0uV0sr-ft2ywODfXLpHQ-vf2DF9fW5ez
    Thumbprint         : 1E4A1EA4C52A6430085DEE9AEF23114966D041A2

    AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                         .Security.AccessControl.CryptoKeyAccessRule, System.Securi
                         ty.AccessControl.CryptoKeyAccessRule}
    CertificateDomains : {ARES, ARES.femcare.co.uk}
    HasPrivateKey      : True
    IsSelfSigned       : True
    Issuer             : CN=ARES
    NotAfter           : 28/05/2010 12:00:13
    NotBefore          : 28/05/2009 12:00:13
    PublicKeySize      : 2048
    RootCAType         : Unknown
    SerialNumber       : 770F64F90A029E934E86E3F6C39BA71C
    Services           : SMTP
    Status             : Invalid
    Subject            : CN=ARES
    Thumbprint         : DC65A98C1393250E3D42A19C431B4E7E7282D13C

    AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                         .Security.AccessControl.CryptoKeyAccessRule}
    CertificateDomains : {Femcare-Nikomed}
    HasPrivateKey      : True
    IsSelfSigned       : True
    Issuer             : CN=Femcare-Nikomed, DC=femcare, DC=co, DC=uk
    NotAfter           : 26/03/2014 11:18:03
    NotBefore          : 26/03/2009 11:10:31
    PublicKeySize      : 2048
    RootCAType         : Registry
    SerialNumber       : 1BFD911AE6307B87412AE657B0E46D95
    Services           : None
    Status             : Valid
    Subject            : CN=Femcare-Nikomed, DC=femcare, DC=co, DC=uk
    Thumbprint         : B74C4536600BF813A2EA2548637241AD57EAE0FD

    AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                         .Security.AccessControl.CryptoKeyAccessRule}
    CertificateDomains : {ARES}
    HasPrivateKey      : True
    IsSelfSigned       : True
    Issuer             : OID.1.2.840.113549.1.9.2=fbdd1c6c1c8e7f4564d7761726520496e
                         632e, CN=ARES, E=ssl-sertificates@vmware.com, OU=Applicati
                         ons, O="VMware, Inc.", L=Palo Alto, S=California, C=US
    NotAfter           : 13/04/2011 11:07:56
    NotBefore          : 17/07/2008 11:07:56
    PublicKeySize      : 1024
    RootCAType         : Unknown
    SerialNumber       : 0088DB3551BE0CFA12
    Services           : IIS
    Status             : Invalid
    Subject            : OID.1.2.840.113549.1.9.2=fbdd1c6c1c8e7f4564d7761726520496e
                         632e, CN=ARES, E=ssl-sertificates@vmware.com, OU=Applicati
                         ons, O="VMware, Inc.", L=Palo Alto, S=California, C=US
    Thumbprint         : 8C6CDE5095BACF10536474B2B211FC73DED9B09A

    AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                         .Security.AccessControl.CryptoKeyAccessRule}
    CertificateDomains : {mail.femcare-nikomed.co.uk, autodiscover.femcare-nikomed.
                         co.uk, ares, ares.femcare.co.uk}
    HasPrivateKey      : True
    IsSelfSigned       : False
    Issuer             : CN=Femcare Ltd, DC=femcare, DC=co, DC=uk
    NotAfter           : 09/04/2010 13:14:47
    NotBefore          : 01/06/2008 21:00:36
    PublicKeySize      : 1024
    RootCAType         : Enterprise
    SerialNumber       : 112D94F4000000000013
    Services           : None
    Status             : DateInvalid
    Subject            : CN=mail.femcare-nikomed.co.uk, O=Femcare-Nikomed, L=Romsey
                         , S=Hampshire, C=GB
    Thumbprint         : 26893A36EB17E42DDE374AE1278ED9374409A857

    AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                         .Security.AccessControl.CryptoKeyAccessRule}
    CertificateDomains : {mail.femcare-nikomed.co.uk, ares, ares.femcare.co.uk, aut
                         discover.femcare-nikomed.co.uk}
    HasPrivateKey      : True
    IsSelfSigned       : False
    Issuer             : CN=Femcare Ltd, DC=femcare, DC=co, DC=uk
    NotAfter           : 09/04/2010 13:14:47
    NotBefore          : 01/06/2008 14:33:11
    PublicKeySize      : 1024
    RootCAType         : Enterprise
    SerialNumber       : 147D80A4000000000012
    Services           : None
    Status             : DateInvalid
    Subject            : CN=mail.femcare-nikomed.co.uk, O=Femcare-Nikomed Ltd, L=Ro
                         msey, S=Hampshire, C=GB
    Thumbprint         : C7B055048F8B42BC990276BEC098F523055A4B7E

    AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                         .Security.AccessControl.CryptoKeyAccessRule}
    CertificateDomains : {mail.femcare-nikomed.co.uk}
    HasPrivateKey      : True
    IsSelfSigned       : False
    Issuer             : CN=Femcare Ltd, DC=femcare, DC=co, DC=uk
    NotAfter           : 26/03/2010 10:14:41
    NotBefore          : 26/03/2008 10:14:41
    PublicKeySize      : 1024
    RootCAType         : Enterprise
    SerialNumber       : 23DABB19000000000010
    Services           : None
    Status             : DateInvalid
    Subject            : CN=mail.femcare-nikomed.co.uk, OU=Romsey, O=Femcare-Nikome
                         d, L=Romsey, S=Hampshire, C=GB
    Thumbprint         : C99ABF0CFE861AA03F431A09E90232DE0E9EF2CA

     

     

    Monday, June 18, 2012 8:27 AM

Answers

  • As far as I can tell:

    CertificateDomains : {ares.femcare-nikomed.co.uk, ares.femcare.co.uk, mail.femc
                         are-nikomed.co.uk, autodiscover.femcare-nikomed.co.uk, aut
                         odiscover.femcare.co.uk}
    HasPrivateKey      : True
    IsSelfSigned       : True

    That part shows the problem. Since you included the domain name, I checked from my client as well: your OWA (https://mail.femcare-nikomed.co.uk/owa) shows a valid GeoTrust certificate, but going to autodiscover presents me with a self-signed certificate. Autodiscover should be added as an alternate name to your certificate to get rid of the errors.

    Monday, June 18, 2012 9:24 AM
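
An added example, not part of the original thread: a Python parser for a saved `Get-ExchangeCertificate | fl` dump like the one in the question. For each certificate that names a given host, it reports whether the certificate is enabled for IIS, self-signed, or not in Valid status. The `example.test` names, `SAMPLE`, `parse_certs` and `diagnose` are constructed for illustration, and the parser assumes continuation lines are indented to the value column, as in the log above.

```python
import re

FIELD = re.compile(r"^\s*(\w+)\s*: (.*)$")
# Constructed sample in the `Get-ExchangeCertificate | fl` layout of the log
# above (hypothetical example.test names; the console wraps long values).
SAMPLE = """\
CertificateDomains : {mail.example.test}
IsSelfSigned       : False
Services           : IIS
Status             : Valid

CertificateDomains : {ares.example.test, mail.example.test, autodiscover.exa
                     mple.test}
IsSelfSigned       : True
Services           : IMAP, POP, SMTP
Status             : Invalid
"""

def parse_certs(text):
    """One dict per certificate; wrapped values are rejoined at the value column."""
    certs = []
    for block in re.split(r"\n(?:[ \t]*\n)+", text):
        cur, key, col = {}, None, 0
        for line in block.splitlines():
            m = FIELD.match(line)
            if m:
                key, col = m.group(1), m.start(2)   # where the value starts
                cur[key] = m.group(2)
            elif key:                               # wrapped continuation line
                cur[key] += line[col:]
        cur["Domains"] = [d.strip().lower() for d in
                          cur.get("CertificateDomains", "").strip("{} ").split(",")]
        cur["Bound"] = [s.strip() for s in cur.get("Services", "").split(",")]
        certs.append(cur)
    return certs

def diagnose(certs, host, service="IIS"):
    """Return (usable, rejected) certificates that list `host` as a domain."""
    usable, rejected = [], []
    for c in (c for c in certs if host.lower() in c["Domains"]):
        status = c.get("Status", "?").strip()
        checks = (("not enabled for " + service, service not in c["Bound"]),
                  ("self-signed", c.get("IsSelfSigned", "").strip() == "True"),
                  ("status " + status, status != "Valid"))
        why = [reason for reason, failed in checks if failed]
        (rejected if why else usable).append((c["Domains"][0], why))
    return usable, rejected

print(diagnose(parse_certs(SAMPLE), "autodiscover.example.test"))
```

An empty `usable` list for the Autodiscover host means no certificate that IIS can serve carries that name, which is the condition the answer above describes.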

All replies

  • Thank you very much, it did fix the problem

    Robert

    Monday, June 18, 2012 10:01 AM