Announcement

Collapse
No announcement yet.

SSL Problems

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • SSL Problems

    Hi guys,

    I have a problem as one of my servers running SBS 2008 SP2 and Exchange 2007 SP2.

    Upon opening the application, the Outlook 2007 clients display the infamous ssl certificate error. I have tried numerous things and can not get it to go away.

    The SSL certificate it is displaying is different from that on the exchange server. The certificate it shows is a self signed certificate whereas the certificate on the server is infact a trusted one.

    I have run the command get-exchangecertificates to see what certificates are in use and I ended up deleting all certificates in the list except for the trusted one, yet the error still comes up on the clients.

    I don't understand where this is coming from since the certificate doesnt even exist in exchange (from what I can see)

    Thanks!!
    Last edited by gerdy; 2nd July 2010, 05:34.

  • #2
    Re: SSL Problems

    If all your clients are getting the same self signed cert, it has to be hosted on the server.

    I would check the server for that Cert, and not just limited to exchange, as opening Outlook sends requests to just about everywhere.

    If each client is getting its own self signed cert, then try removing the computer from the domain and readding it. See if that resolves the problem.

    Wofen
    Good to be back....

    Comment


    • #3
      Re: SSL Problems

      Have you checked the services that are assigned to that SSL certificate that is still present within Exchange 2007?

      Comment


      • #4
        Re: SSL Problems

        @Wofen: What other places or services does exchange use that would have a certificate link stored?

        @Virtual: How would I check what services are assigned to my certificate?

        Thanks for your help.

        Comment


        • #5
          Re: SSL Problems

          Run this command.

          Get-ExchangeCertificate | fl | out-file -filePath c:\certs.txt

          Review the certificate details. One of the lines mentions services.

          Comment


          • #6
            Re: SSL Problems

            IMAP, POP, IIS, SMTP are all set for my certificate

            Comment


            • #7
              Re: SSL Problems

              Have you tested this with a new user account, mailbox an therefore profile on a PC? Is it definitely a 3rd Party certificate being used? Have you tried removing the current SSL certificate and importing it back in again? You may need to do this out-of-hours.
              Last edited by Virtual; 5th July 2010, 06:54. Reason: Spelling

              Comment


              • #8
                Re: SSL Problems

                As this is SBS 2008, did you install the certificate through the wizards, manually, or through PowerShell?

                SSL certificate management with SBS 2008 is a pain, and has to be done in a certain way. If you didn't use the wizards, then you need to go back and use them. SBS 2008 will then ensure the correct wizard is in place. You cannot fix this using the traditional Exchange 2007 methods as it breaks SBS 2008 quite badly.

                Simon.
                --
                Simon Butler
                Exchange MVP

                Blog: http://blog.sembee.co.uk/
                More Exchange Content: http://exchange.sembee.info/
                Exchange Resources List: http://exbpa.com/
                In the UK? Hire me: http://www.sembee.co.uk/

                Sembee is a registered trademark, used here with permission.

                Comment


                • #9
                  Re: SSL Problems

                  This was done all by the wizard.

                  However I did notice that when I tried to reinstall the certificate to see if that would help, the only thing the wizard was configuring was Remote Web Workplace - Is this right?

                  Comment


                  • #10
                    Re: SSL Problems

                    As far as SBS 2008 is concerned, everything is part of RWW. I don't recall anything different for OWA. Therefore select your commercial certificate and allow the process to complete.

                    If you continue to get a self generated certificate popup, ensure that it is coming from the SBS Server and not somewhere else. Outlook tries a number of different URLs and therefore you can get prompts from locations that you might not be expecting.

                    Simon.
                    --
                    Simon Butler
                    Exchange MVP

                    Blog: http://blog.sembee.co.uk/
                    More Exchange Content: http://exchange.sembee.info/
                    Exchange Resources List: http://exbpa.com/
                    In the UK? Hire me: http://www.sembee.co.uk/

                    Sembee is a registered trademark, used here with permission.

                    Comment

                    Working...
                    X