locked
Exchange 2003 - SSL Certificate error RRS feed

  • Question

  • Hi,, I have ordered a replacement certificate from Thawte CA and was imported successfully to the server, however the following error appears

    1. On IIS - windows does no have enough information to verify this certificate

    2. The Issuer of this certificate could not be found

    3. On Internet - it seems as if certificate has been revoked, while it was not the case , replacement one was done

     

    Regards,,Steve

    Thursday, February 3, 2011 7:35 AM

Answers

  • Hi

    Thanks for everyone's input

    have managed to resolve the issue, there seems to be something wrong with certificate

    steps: i have requested reissue if certificate from CA 

    Imported the certificate once more to Exchange server 2003 on IIS Manager, certificate was valid

    Exported CA certificate from IIS Manager to another folder , then export to ISA server

    everything workes fine

     

    thanksmmmm

    • Marked as answer by Shakoane Monday, February 14, 2011 10:16 AM
    Monday, February 14, 2011 10:15 AM

All replies

  • Did you following the links carefully?:

    https://search.thawte.com/support/ssl-digital-certificates/index?page=content&id=SO3073

    https://search.thawte.com/support/ssl-digital-certificates/index?page=content&id=SO3074

    If you still have issues, I would work with Thawte support.  They may have specific instruction regarding installing Intermediate or Trusted Root certs.


    Tim Harrington | MVP: Exchange | MCITP: EMA 2007/2010, MCITP: Server 2008, MCTS: OCS | Blog: http://HowDoUC.blogspot.com | Twitter: @twharrington
    Thursday, February 3, 2011 2:43 PM
  • Hi

     

    I have gone through the websites and rework through asll the steps

    But now i got a different message: url - the security certificate presented by the website was not issued by a trusted CA

    Now Thawte suspect that maybe my Security team (ISA) did not install it correctly, will that be the reasonm i doubt indeed

    The revoked error seems to be vanishing but a new one prevails

     

    regards,,Steve

    Tuesday, February 8, 2011 6:14 AM
  • Make sure that you have the complete Certificate Chain installed on the Server

    If Thawte is issuing certificates from multiple CA's the complete Certificate chain needs to be present on the server

    -SR_


    Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread
    • Proposed as answer by SR_ Tuesday, February 8, 2011 9:11 AM
    Tuesday, February 8, 2011 9:10 AM
  • Please run the cmdlet below to check the detailed output of the certificates on the exchange server.

     

    Get-ExchangeCertificate | Fl

     

    As an additional information, you can refer to the following articles to troubleshoot the issue.

     

    "There is a problem with this website's security certificate" when you try to visit a secured website in Internet Explorer

     

    Securing an Exchange 2007 Client Access Server using a 3rd party SAN Certificate

     

    Thanks.

    Novak


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
    Wednesday, February 9, 2011 1:58 AM
  • Hi Novak

    the comand won't work as this is Exchange Server 2003

    The certificate seems to be okayed now, but the problem is we cannot use OWA externally but internally does work

    when opening url externally, it just hangs and no progress

     

    Thursday, February 10, 2011 10:24 AM
  • Hi,,

    It is not Cartificate chain on the server

    Here is the story again, when doing nslookup on internet i got some different common name like: mail.name.co.xx instead of normal common name as owa.name.co.xx

    where might be the problem on ISA or Exchange??

     

    Thursday, February 10, 2011 1:24 PM
  • Hi

    Thanks for everyone's input

    have managed to resolve the issue, there seems to be something wrong with certificate

    steps: i have requested reissue if certificate from CA 

    Imported the certificate once more to Exchange server 2003 on IIS Manager, certificate was valid

    Exported CA certificate from IIS Manager to another folder , then export to ISA server

    everything workes fine

     

    thanksmmmm

    • Marked as answer by Shakoane Monday, February 14, 2011 10:16 AM
    Monday, February 14, 2011 10:15 AM