  1. #1
    timbo343's Avatar

    Exchange 2007 - Need help with certificates for autodiscover

    I have had this issue for a while now with regards to Exchange 2007 and Outlook 2007/2010 and I need some help.

    Every time I start Outlook I keep getting 2 warnings:

    Autodiscover.domain.co.uk

    Information you exchange with this site cannot be viewed or changed by others. However, there is a problem with the site's security certificate.

    "Red Cross" The security certificate was issued by a company you have not chosen to trust. View the certificate to determine whether you want to trust the certifying authority.

    "Green Tick" The security certificate date is valid

    "Red Cross" The name on the security certificate is invalid or does not match the name of the site.


    Then i get this one:

    "nameofServer.shs.com"

    Information you exchange with this site cannot be viewed or changed by others. However, there is a problem with the site's security certificate.

    "Red Cross" The security certificate was issued by a company you have not chosen to trust. View the certificate to determine whether you want to trust the certifying authority.

    "Green Tick" The security certificate date is valid

    "Green Tick" The name on the security certificate is invalid or does not match the name of the site.


    Can anyone help me sort this ongoing problem out please? It has been driving me nuts for the last god knows how many years.

    Thanks
    Last edited by timbo343; 7th January 2011 at 08:39 AM.

  2. #2
    timbo343's Avatar
    OK, I have managed to get a green tick on autodiscover: "The security certificate has a valid name", but still got a red cross on "The security certificate was issued by a company you have not chosen to trust. View the certificate to determine whether you want to trust the certifying authority."

  3. #3

    Where did the certificate come from? How did you make it (or get it)?

    Answers to those questions will save time talking about the wrong aspects here.

  4. #4

    john's Avatar
    Answer who it's issued by, and then that should help, or install the certificate as part of the domain and then it will be automatically trusted on all domained PCs and job's a good-un.

  5. #5
    timbo343's Avatar
    Quote Originally Posted by PiqueABoo View Post
    Where did the certificate come from? How did you make it (or get it)?

    Answers to those questions will save time talking about the wrong aspects here.
    The certificate was set up by me on the Exchange server using New-ExchangeCertificate in PowerShell, giving it services such as SMTP, POP, IMAP and IIS.

    @john: install the certificate as part of the domain, just remind me how to do that... I'm starting to lose my mind and not in a good way. Does it need to go into my certificate store on the Exchange server? Am blooming useless when it comes to certificates.
    Last edited by timbo343; 8th January 2011 at 10:32 AM.

  6. #6
    ChrisH's Avatar
    You need to add the issuing server as a trusted certificate authority. I think this is what you need.

  8. #7
    timbo343's Avatar
    Thanks Chris. I shall see how that goes.

    At the mo, Exchange is only accessible internally, so at the mo I'm not using SSL on OWA. With adding this certificate into trusted certificate authority in Group Policy, should I be able to use SSL on OWA? If not, how do I go about it?

  9. #8

    john's Avatar
    Eeer I'll remote to my DC and write down where you stick the certificates as I cannot remember off the top of my head, it's done via GPO though so really simple. I have my Smoothwall HTTPS interception one there and it's been great.

  11. #9
    timbo343's Avatar
    Quote Originally Posted by john View Post
    Eeer I'll remote to my DC and write down where you stick the certificates as I cannot remember off the top of my head, it's done via GPO though so really simple. I have my Smoothwall HTTPS interception one there and it's been great.
    Thanks mate

  12. #10

    john's Avatar
    Export the certificate as normal, and then import it to the following location:

    Default Domain Policy (or a fairly high up one of your choice) > Computer Config > Policies > Windows Settings > Security Settings > Public Key Policies > Trusted Root CAs. On that screen, right click the panel and import, then follow the wizard (the normal standard MS style wizard you get when importing an SSL certificate on a workstation). That then goes to all the machines that GPO covers, and then it will check against that and go "oh yeh, I like it".

    Always worked well for me that way, fingers crossed it does for you as well. Autodiscover is great, I've not configured anyone's Outlook manually since we moved to Exchange.

  13. #11
    timbo343's Avatar
    Thanks for the location. I have put it in there. Does that mean I can use the OWA as SSL internally or not?

  14. #12
    ChrisH's Avatar
    Quote Originally Posted by timbo343 View Post
    Thanks for the location. I have put it in there. Does that mean I can use the OWA as SSL internally or not?
    Should do if it was certificate errors that were letting you down before.

  15. #13

    john's Avatar
    Assuming you have assigned that certificate to OWA in the ECP.

  16. #14

    ::sob:: Beaten to it, just a few minor points worth adding..

    "Self-signed" certificates are root certificates, which is why it goes in the root store... if you let the certificate import dialog (part of CAPI, the crypto API) choose where to put it, it never seems to get it right, but that may be smarter in Win7 (I haven't tried).

    You said you'd flagged the cert for use in IIS, so it definitely should just work for OWA once you've got the cert distributed.

    Do you use POP3 & IMAP? I always turn those off and just stick to OWA and full Outlook. At the very least try and get rid of POP3 before someone decides to use it then downloads (& deletes from server) their mail.. and by-and-by loses/trashes it.
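
Added example, not part of any post in this thread: a PowerShell check that reproduces the three items in the Outlook warning (issuer trusted, date valid, name matches) for the certificate exported from the Exchange server, run on a client after the GPO has applied. The function name and the .cer path are hypothetical, and it assumes Windows PowerShell 3.0 or later.

```powershell
# Added example (not from the thread). Function name and file path are hypothetical.
function Test-ExchangeCertForHost {
    param(
        [Parameter(Mandatory = $true)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert,
        [Parameter(Mandatory = $true)][string[]]$HostName
    )
    # Names the certificate covers: subject CN plus Subject Alternative Name DNS entries.
    $names = @($Cert.GetNameInfo('SimpleName', $false))
    $san = $Cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    if ($san) {
        # Format() text is "DNS Name=host, DNS Name=host" on English-language Windows.
        $names += @([regex]::Matches($san.Format($false), 'DNS Name=([^,\s]+)') |
            ForEach-Object { $_.Groups[1].Value })
    }

    # Build the chain against the trust stores visible on this machine.
    # Revocation checking is skipped: a self-signed certificate has no CRL to consult.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    [void]$chain.Build($Cert)
    $untrusted = @($chain.ChainStatus |
        Where-Object { $_.Status -match 'UntrustedRoot|PartialChain' })

    $now = Get-Date
    foreach ($h in $HostName) {
        [pscustomobject]@{
            Host          = $h
            IssuerTrusted = ($untrusted.Count -eq 0)
            DateValid     = ($now -ge $Cert.NotBefore -and $now -le $Cert.NotAfter)
            # Exact, case-insensitive comparison; wildcard names are not handled.
            NameMatches   = ($names -contains $h)
            SelfSigned    = ($Cert.Subject -eq $Cert.Issuer)
            # True once the certificate is in the machine's Trusted Root store.
            InLocalRoot   = (Test-Path "Cert:\LocalMachine\Root\$($Cert.Thumbprint)")
        }
    }
}

# Hypothetical path: the .cer file exported from the Exchange server.
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 'C:\Temp\exchange.cer'
# Host names taken from the two warnings quoted in the first post.
Test-ExchangeCertForHost -Cert $cert -HostName 'autodiscover.domain.co.uk', 'nameofServer.shs.com' |
    Format-Table -AutoSize
```

A row with SelfSigned true and InLocalRoot false corresponds to the "issued by a company you have not chosen to trust" line; NameMatches false corresponds to the name warning for that host.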

  17. #15
    timbo343's Avatar
    Quote Originally Posted by PiqueABoo View Post
    ::sob:: Beaten to it, just a few minor points worth adding..

    "Self-signed" certificates are root certificates, which is why it goes in the root store... if you let the certificate import dialog (part of CAPI, the crypto API) choose where to put it, it never seems to get it right, but that may be smarter in Win7 (I haven't tried).

    You said you'd flagged the cert for use in IIS, so it definitely should just work for OWA once you've got the cert distributed.

    Do you use POP3 & IMAP? I always turn those off and just stick to OWA and full Outlook. At the very least try and get rid of POP3 before someone decides to use it then downloads (& deletes from server) their mail.. and by-and-by loses/trashes it.
    Nah, I don't use POP3 or IMAP. Like you said, sometimes it can do more damage than it is worth.
