locked
SSL Certificate exchange 2010 outlook error. RRS feed

  • Question

  • Hi 

    recently i have renewed the SSL certificate from godaddy and got a new certificate, 

    i have 2 cas hub server. 

    i have install the certficated from exchange Management console by completing pending certificate requests and then assign the services IIS & SMTP.

    exported the certificate to other cas server and imported the certificate from Exchange mmc & assigned the services IIS & SMTP. 

    now some of my few clients are facing the error while access outlook

    Error 1 : the security certificate issued by you company you have not chosen to trust.  choose whether you want to trust the certifying authority.

    Error 2 : There is a problem with the proxy server  security certificate. the security certificate is not from trusted certfying authority.

    Note :  i have check with other websites, it ask me to install the godaddy certificate on trusted folder in cas server , i tried to do this an error pops up warning the certificate will be replace with thumprint etc..

    Please let me know how to solve this issue.

    thank you 

    Sunday, April 24, 2016 10:46 AM

Answers

  • Hi 

    thanks for your feedback and support, i have solved the issue by the below steps

    1. Added the certificate from godaddy in to trusted root store on both servers. 

    2. Give a restart to both the cas server 

    Till now i dint face any complains and issues from any users. i am still monitoring hope this will solve the problem

    FYI : Exchange 2010 with DAG & two CASHUB servers.

    Thank you 

    Monday, April 25, 2016 8:53 AM

All replies

  • First, you should always tell us the Exchange version, service pack and rollup hotfix level you're running no matter what you're asking because it really does make a different for many questions.

    Did you request a CSR for this new certificate from the Exchange server, submit the request to Go Daddy and complete the request on the Exchange server?  Then did you enable that certificate for the Exchange services?  Did you use the Exchange Certificate Wizard to do this?

    Did you install the Go Daddy intermediate certificates and root certificate?  Often there are new ones when you renew a certificate.


    Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."
    Celebrating 20 years of providing Exchange peer support!

    Sunday, April 24, 2016 11:34 PM
  • Hi,

    Have you seen any errors related cert when logging in owa?

    According to the error messages, the issue is related to your certificate side.

    Please tell us how do you request the certificate.

    I suggest you refer to the below link to generate a new Certificate Signing Request and renew the certificate:

    http://social.technet.microsoft.com/wiki/contents/articles/28809.steps-to-perform-ssl-certificate-renewal-in-exchange-20102013.aspx   

    Regards,

    David




    Monday, April 25, 2016 8:50 AM
    Moderator
  • Hi 

    thanks for your feedback and support, i have solved the issue by the below steps

    1. Added the certificate from godaddy in to trusted root store on both servers. 

    2. Give a restart to both the cas server 

    Till now i dint face any complains and issues from any users. i am still monitoring hope this will solve the problem

    FYI : Exchange 2010 with DAG & two CASHUB servers.

    Thank you 

    Monday, April 25, 2016 8:53 AM
  • Hi 

    just one more note please

    i have on more self signed certificate for both exchange 2010  cas hub1 & cashub2 server is used for IIS service.

    can you please let me know how can i renew this certificate

    steps please

    Thank you  

    Monday, April 25, 2016 1:15 PM
  • You renew the self-signed certificate by running the command:

    New-ExchangeCertificate

    with no parameters.


    Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."
    Celebrating 20 years of providing Exchange peer support!

    Monday, April 25, 2016 8:11 PM
  • Technically the intermediate certificates should be in the intermediates container.

    Please feel free to mark responses as the answer and/or helpful as appropriate.


    Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."
    Celebrating 20 years of providing Exchange peer support!

    Monday, April 25, 2016 8:12 PM
  • Hi,

    About renewing the self-signed cert, please also have a look at the above link which introduces the detailed steps.

    Regards,
    David 

    Tuesday, April 26, 2016 2:05 AM
    Moderator