none
certificate revoked but activesync and OA still work?

    Question

  • I imported a new certificate a few days ago (mail.company.com) and activesync, OA, etc were setup and they worked

    Yesterday, I revoked the cert (and also deleted the cert from the exch 2010 server) because I bought the wrong package and godaddy said just to cancel my cert (they refunded my $) and place an order again.

    But activesync and OA still works?  HOw is that possible?

    OWA doesn't work anymore though (which was expected)

    There is a problem with this website's security certificate.
     
      
     This organization's certificate has been revoked.

    Security certificate problems may indicate an attempt to fool you or intercept any data you send to the server. 
      We recommend that you close this 

    Tuesday, April 10, 2012 4:57 AM

Answers

  • Are you trying OA from inside your company? Which mobile phone are you using for activesync?

    Background: There can be old certificates that are still working for your exchange server and supporting your clients access trough old names (e.g. FQDN) Some mobile phones even don`t care about certificates and connect without checking for revocation.

    Please check the exch management console for active certificates.

    • Marked as answer by ccslai Tuesday, April 10, 2012 1:12 PM
    Tuesday, April 10, 2012 10:41 AM
  • Are you trying OA from inside your company? Which mobile phone are you using for activesync?

    Nope, OA from the outside.  Iphone 4s.

    Background: There can be old certificates that are still working for your exchange server and supporting your clients access trough old names (e.g. FQDN) Some mobile phones even don`t care about certificates and connect without checking for revocation.

    Please check the exch management console for active certificates.

    The only certificates I see are one that was created by Trend Micro ScanMail for Exchange and some other one that Exchange created itself.

    Anyways, I rebooted the server and it seems to have clear up any remaining "memory" or "cache" of the revoked certificate.  I am now not able to use OA or activesync, which is expected.

    Tnx.

    Tuesday, April 10, 2012 1:12 PM

All replies

  • Are you trying OA from inside your company? Which mobile phone are you using for activesync?

    Background: There can be old certificates that are still working for your exchange server and supporting your clients access trough old names (e.g. FQDN) Some mobile phones even don`t care about certificates and connect without checking for revocation.

    Please check the exch management console for active certificates.

    • Marked as answer by ccslai Tuesday, April 10, 2012 1:12 PM
    Tuesday, April 10, 2012 10:41 AM
  • Are you trying OA from inside your company? Which mobile phone are you using for activesync?

    Nope, OA from the outside.  Iphone 4s.

    Background: There can be old certificates that are still working for your exchange server and supporting your clients access trough old names (e.g. FQDN) Some mobile phones even don`t care about certificates and connect without checking for revocation.

    Please check the exch management console for active certificates.

    The only certificates I see are one that was created by Trend Micro ScanMail for Exchange and some other one that Exchange created itself.

    Anyways, I rebooted the server and it seems to have clear up any remaining "memory" or "cache" of the revoked certificate.  I am now not able to use OA or activesync, which is expected.

    Tnx.

    Tuesday, April 10, 2012 1:12 PM