Outlook displays security certificate alert after I created new Exchange certificate

  • Question

  • Hello All,

     My users began getting the security alert message in Outlook, so I followed directions to create a new self-signed cert using ECM. I added the new cert to IIS. When I look at the cert it has the new valid date, but Outlook still displays the security certificate alert warning. Strange thing is, some PCs say the cert date is invalid, but when you view the cert the dates are 3/1/2015 to 3/1/2016; other PCs say the name on the cert is invalid, but the name is correct. Any ideas what is going on?

    Thanks for any thoughts or ideas.

    AJINC

    Monday, March 2, 2015 4:46 AM

Answers

  • Do all of your clients trust the new certificate?  That's the problem with using a self-signed certificate, you have to add it to all clients' trusted root certificates.

    Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."

    Monday, March 2, 2015 4:49 AM
  • Hi,

    To make sure the right certificate is used by Outlook, please try:

    1. Remove any unnecessary certificates on the Exchange CAS server: Remove-ExchangeCertificate

    2. Make sure the right certificate is bound to the IIS service: Set-ExchangeCertificate -Services IIS

    3. After applying these changes, restart the IIS service.

    4. It’s better to go to the Outlook client, open MMC, add the Certificates snap-in, and remove the old certificate it used.

    Thanks,

    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com


    Simon Wu
    TechNet Community Support

    Thursday, March 5, 2015 2:09 AM

All replies

  • Thanks for the quick reply. I instructed the site message to install the certificate and it said it was installed, but I still got the cert security message when Outlook starts up.
    Monday, March 2, 2015 5:08 AM
  • I really don't understand what you're saying.

    Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."

    Monday, March 2, 2015 5:50 AM
  • Sorry,

    When the security certificate alert message displays in Outlook, you can click the "View certificate" button on that window, then you can click the "Install certificate" button on the view certificate window. Is that where you add the certificate to the client's trusted root certificates? Hope this is explained more clearly.

    Monday, March 2, 2015 6:12 AM
  • When you connect via OWA do you get a certificate warning?  What is the CN of the certificate?  Does it match what's set when you enter the command:
    Get-OutlookProvider -Identity EXPR | FL CertPrincipalName

    ?

    Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."

    Monday, March 2, 2015 7:09 AM
  • When I open OWA I do get a certificate warning stating that the security certificate presented by this website was not issued by a trusted certificate authority.

    The certificate CN = SERIOUS-FS-01

    When I enter the command Get-OutlookProvider -Identity EXPR | FL CertPrincipalName I get

    CertPrincipalName :

    and no other information is displayed

    Tuesday, March 3, 2015 9:30 PM
  • You might want to change that CertPrincipalName to "msstd:SERIOUS-FS-01" without the quotes.

    But that won't help OWA.  The only thing that will help OWA is to make sure the certificate is trusted by your computer, and that's required for Outlook Anywhere as well even with the correct CertPrincipalName setting.


    Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."


    Tuesday, March 3, 2015 10:05 PM
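
A client-side check for the three conditions raised in this thread (validity dates, name match, trust), as an added example that is not part of any poster's reply. The default host name is the CN quoted above; port 443 and the English "DNS Name=" label in the SAN text are assumptions.

```powershell
# Added example (not from the thread). Run on a client PC, PowerShell 3.0 or later.
param(
    [string]$HostName = 'SERIOUS-FS-01',  # CN quoted in the thread; use the name Outlook connects to
    [int]$Port = 443                      # assumption: IIS listens on the default HTTPS port
)

# Fetch the certificate IIS presents. Validation is bypassed only so that an
# untrusted or mismatched certificate can still be retrieved and inspected.
$tcp = New-Object System.Net.Sockets.TcpClient
try {
    $tcp.Connect($HostName, $Port)
    $acceptAny = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
    $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $acceptAny)
    $ssl.AuthenticateAsClient($HostName)
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $ssl.RemoteCertificate
}
finally {
    if ($ssl) { $ssl.Dispose() }
    $tcp.Close()
}

# 1. Dates: a wrong client clock makes a valid certificate look expired.
$now = Get-Date
$datesOk = ($cert.NotBefore -le $now) -and ($now -le $cert.NotAfter)

# 2. Names: subject CN plus any SAN DNS entries (exact match only, no wildcard handling).
$names = @($cert.GetNameInfo([System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName, $false))
$san = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
if ($san) {
    $names += [regex]::Matches($san.Format($false), 'DNS Name=([^,\s]+)') |
        ForEach-Object { $_.Groups[1].Value }
}

# 3. Trust: build the chain against this machine's stores, without revocation lookups.
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chain.ChainPolicy.RevocationMode = [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
$trusted = $chain.Build($cert)
$inRoot = @(Get-ChildItem Cert:\CurrentUser\Root, Cert:\LocalMachine\Root |
    Where-Object { $_.Thumbprint -eq $cert.Thumbprint }).Count -gt 0

[pscustomobject]@{
    Thumbprint  = $cert.Thumbprint
    ValidFrom   = $cert.NotBefore
    ValidTo     = $cert.NotAfter
    ClientClock = $now
    DatesOk     = $datesOk
    CertNames   = $names -join ', '
    NameOk      = $names -contains $HostName
    ChainOk     = $trusted
    ChainStatus = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
    InRootStore = $inRoot
}
```

Comparing the Thumbprint across PCs and with the server shows whether every client is being handed the new certificate or an older one.
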
  • Will this help with Outlook?

    I am not using OWA; I am using Outlook 2010 & 2013 clients.

    Tuesday, March 3, 2015 11:12 PM