locked
Error Connecting to Microsoft Exchange - Security Certificate RRS feed

  • Question

  • Hi,

    I am trying to setup my Outlook account @ home so i can access the Exchange Server at work. I am using Outlook 2007 and believe I have set the account up correctly, however when i enter my username and password, i receive the following error -

    "There is a problem with the proxy server's security certificate. The security certificate is not from a trusted certifying authority. Outlook is unable to connect to the proxy server remote.XXXXXXXXX.com.au. (Error Code 8)."

    Is there a way i can overcome this issue?

    I am running Windows 8 Release Preview.

    I apologise for the simply nature of this query (i know it's basic) but the IT Support at work is almost non-existent, so if something needs to be done, i'll have to do it.

    Thanks in advance,

    Ray.

    Sunday, July 1, 2012 9:31 AM

Answers

  • In Start menu or Run command, type mmc

    Go to the file menu, add / remove snapin

    select certificates, then computer account. (If it won't let you choose it, choose my user account)

    return to the console

    expand certificates to find the trusted root cert authority

    right click on trusted root, all tasks > Import

    select the cert you saved and import



    Diane Poremsky [MVP - Outlook]
    Outlook Daily Tips | Outlook & Exchange Solutions Center
    Subscribe to Exchange Messaging Outlook weekly newsletter

    • Marked as answer by Ray_Grey Tuesday, July 10, 2012 10:28 PM
    Monday, July 9, 2012 12:32 PM

All replies

  • Who issued the certificate? There should be a button on the certificate you can click to install it. (You may need to log into OWA in a browser to do this.)



    Diane Poremsky [MVP - Outlook]
    Outlook Daily Tips | Outlook & Exchange Solutions Center
    Subscribe to Exchange Messaging Outlook weekly newsletter

    • Marked as answer by Tony Chen CHN Thursday, July 5, 2012 8:57 AM
    • Unmarked as answer by Tony Chen CHN Thursday, July 12, 2012 9:42 AM
    Monday, July 2, 2012 2:21 AM
  • Unfortunately i'm not sure as it was already installed when i started. When i log into OWA, how can i install the certificate>?
    Thursday, July 5, 2012 10:20 AM
  • Based on the error message it says that you are attempting to make a connection over the Internet via a proxy  at somelocation. com.au and it has an invalid certificate. 

    Is this really what you intended to do? That specific certificate is invalid based on checking the path of the certificate, the date, etc. so the connection cannot be encrypted.

    Sounds like a self signed certificate which is not valid on the Internet in terms of a group of accepted authorities of which Microsoft maintains it's own list.

    As soon as whoever maintains that proxy gets a valid cert, it will work.  Whether your data is secure is a different story.

    "There is a problem with the proxy server's security certificate. The security certificate is not from a trusted certifying authority. Outlook is unable to connect to the proxy server remote.XXXXXXXXX.com.au. (Error Code 8)."

    Friday, July 6, 2012 4:16 AM
  • Hi cequs, 

    Thanks for the feedback and unfortunately it was what i was intending to do. 

    It seems that the company I work for has "self-signed" the certificate on their MS Exchange... is this correct?

    Why would they do this? To save $$??

    Thanks.

    Friday, July 6, 2012 9:50 AM
  • They do it for a number of reasons - beginning with, because they can. 

    To avoid the warning in Outlook, you need to manually install the certificate into the Trusted Root Authority folder on the client machine. Open OWA in a browser, open the certificate (should be a lock icon in the address bar - click it) - there should be button to install it locally.  By default it will install to 'Intermediate Certification Authorities' - you need it install it or move it to Trusted root. Outlook will let you look at the cert but will not let you install it - you need to use IE. (Firefox should work too.)



    Diane Poremsky [MVP - Outlook]
    Outlook Daily Tips | Outlook & Exchange Solutions Center
    Subscribe to Exchange Messaging Outlook weekly newsletter

    Friday, July 6, 2012 10:49 AM
  • Hi Diane,

    Thanks for the feedback.

    Where do I find the certificate so that I can manually install it into the Trusted Root Authority folder?

    Saturday, July 7, 2012 4:38 AM
  • Well, the last time i had to do this, I opened OWA in IE and saved the cert from there. But when I try it today, i don't see the Save button. I was finally able to save it from Outlook when the autodiscover dialog came  up with a View certificate button.


    Diane Poremsky [MVP - Outlook]
    Outlook Daily Tips | Outlook & Exchange Solutions Center
    Subscribe to Exchange Messaging Outlook weekly newsletter

    Saturday, July 7, 2012 3:38 PM
  • Is it possible that I don't have a certificate installed on my desktop at work?

    I just tried to download the certificate from Outlook 2010 and as per the attached screenshot, there doesn't appear to be one. 

    Do I need to download it off the Server directly?

    Monday, July 9, 2012 12:02 AM
  • Wrong dialog. :)  You may need to get the cert from your admin...  the dialog i get in outlook is the first screenshot at http://www.slipstick.com/outlook/security-certificate-not-from-trusted-certifying-authority/ - if you don't have the view certificate button on your warning in outlook or when you use owa, then the admin will need to provide the certificate.



    Diane Poremsky [MVP - Outlook]
    Outlook Daily Tips | Outlook & Exchange Solutions Center
    Subscribe to Exchange Messaging Outlook weekly newsletter

    Monday, July 9, 2012 12:50 AM
  • I think i might be in the right area now via OWA. 

    Is there a preferred format i should download the certificate in?

    Monday, July 9, 2012 1:03 AM
  • I don't think it matters, but i'm not a cert expert. :) 


    Diane Poremsky [MVP - Outlook]
    Outlook Daily Tips | Outlook & Exchange Solutions Center
    Subscribe to Exchange Messaging Outlook weekly newsletter

    Monday, July 9, 2012 1:09 AM
  • No probs... i'll give it a try tonight and let you know how i go.

    Thanks.

    Monday, July 9, 2012 1:10 AM
  • Hi Diane, 

    Can you tell me where the Trusted Root is so i can install this certificate?

    Monday, July 9, 2012 10:46 AM
  • In Start menu or Run command, type mmc

    Go to the file menu, add / remove snapin

    select certificates, then computer account. (If it won't let you choose it, choose my user account)

    return to the console

    expand certificates to find the trusted root cert authority

    right click on trusted root, all tasks > Import

    select the cert you saved and import



    Diane Poremsky [MVP - Outlook]
    Outlook Daily Tips | Outlook & Exchange Solutions Center
    Subscribe to Exchange Messaging Outlook weekly newsletter

    • Marked as answer by Ray_Grey Tuesday, July 10, 2012 10:28 PM
    Monday, July 9, 2012 12:32 PM
  • There are a number of "Containers" for CERTs within Windows, that are mapped back to various logical locations.

    In addition, you may want to create your own CERT folder and back up storage.

    However once you have located certmgr.msc you have access to the trusted roots, and intermediates. 

    At that point, once you import the CERT and assign the trust level you are done.

    It is not recommended to use self-signed CERTS for anything other than testing.  Therefore you should not trust that CERT if you are using the Internet.

    You can also get there via Credentials on the Control Panel, and Internet Explorer.

    Think about this for a minute. Have you checked the Certificate details so you know exactly to where you are connected?

    And if so, how are you sure? Diane is correct, you have to verify this from the Admin who created the CERT, and preferably via sneakernet.

    The Trust Center picture you clipped is for your personal S/MIME CERT, not for other peoples.  Other people's S/MIME CERTs get stored into Contacts on the Outlook desktop version. Normally after importing them first via the certmanager, or IE.

    This has no relationship to trusted or untrusted roots you may choose to trust outside the default list.


    • Edited by cequs Monday, July 9, 2012 7:46 PM
    • Proposed as answer by cequs Monday, July 9, 2012 7:47 PM
    Monday, July 9, 2012 7:43 PM
  • Hi Diane, 

    Thanks heaps for all your help, I installed the certificate last night @ home and was able to setup Outlook!!  :-)

    Ray.

    Tuesday, July 10, 2012 10:30 PM
  • Hi Cequs, 

    Thanks for your advice as well... much appreciated!!

    Ray.

    Tuesday, July 10, 2012 10:30 PM