Exchange certificate error outlook 2007 [Small Business Server]

Prev: Cannot start SBS Web Applications
Next: Migration Wizard

From: Firestone on 4 Dec 2009 12:01

We installed a GOdaddy SSL certificate on our exchange 2007 server. On
our outlook 2007 clients we are getting an outlook 2007 certificate
error. It looks like its pointing to our firewall (see attached file)

The error : This CA Root certificate is not trusted because it is not
in the Trusted Root Certification Authorities store.

We follewed instructions on how to install the certificate from
digicert.com. I assume these are correct.

We also checked out this blog
http://www.shudnow.net/2007/08/10/outlook-2007-certificate-error/

I'm wondering why the certificate is pointing to our Firewall Zyxel Usg
100 ?
Any ideas what we are doing wrong ?

+-------------------------------------------------------------------+
|Filename: foutmelding outlook certificaat.doc |
|Download: http://forums.techarena.in/attachment.php?attachmentid=10378|
+-------------------------------------------------------------------+

--
Firestone
------------------------------------------------------------------------
Firestone's Profile: http://forums.techarena.in/members/69228.htm
View this thread: http://forums.techarena.in/small-business-server/1278622.htm

http://forums.techarena.in

From: Lanwench [MVP - Exchange] on 4 Dec 2009 15:06

Firestone <Firestone.42ojvf(a)DoNotSpam.com> wrote:
> We installed a GOdaddy SSL certificate on our exchange 2007 server. On
> our outlook 2007 clients we are getting an outlook 2007 certificate
> error. It looks like its pointing to our firewall (see attached file)
>
> The error : This CA Root certificate is not trusted because it is not
> in the Trusted Root Certification Authorities store.
>
> We follewed instructions on how to install the certificate from
> digicert.com. I assume these are correct.
>
> We also checked out this blog
> http://www.shudnow.net/2007/08/10/outlook-2007-certificate-error/
>
> I'm wondering why the certificate is pointing to our Firewall Zyxel
> Usg 100 ?
> Any ideas what we are doing wrong ?
>
>
> +-------------------------------------------------------------------+
>> Filename: foutmelding outlook certificaat.doc |
>> Download:
>> http://forums.techarena.in/attachment.php?attachmentid=10378|
> +-------------------------------------------------------------------+

Hmmm - why would you use Digicert's instructions when you're using a Godaddy
cert? What kind of cert did you order? You need a UCC/SAN cert - and with
Godaddy you also have to install the intermediate cert.

Here's the Exchange dev team blog ..
http://msexchangeteam.com/archive/2007/04/30/438249.aspx

Here's info from Godaddy -
http://help.godaddy.com/topic/599/article/3908
http://help.godaddy.com/topic/742/article/4877

Note - I suggest you not use Egghead, Techarena or Google Groups to access
the newsgroups (they're fine for searching old posts but that's about it).
The interface doesn't quote properly, people often reply to posts which are
no longer on the news server, etc etc etc.

Try using a news client, such as Forte Agent, Thunderbird, etc. It's a lot
easier to do nearly everything that way. You
can mark messages to be watched, filter the views so you can see replies to
your posts easily, and search.

The Microsoft public news server is msnews.microsoft.com and you can
subscribe to as many groups as you like; no authentication is required.

The following is from a post by MVP Malke ...

-------------------------------------------------------
Here's information on Usenet and using a newsreader:

http://www.elephantboycomputers.com/page3.html#12-09-02 - a brief
explanation of newsgroups
http://michaelstevenstech.com/outlo...ssnewreader.htm
http://rickrogers.org/setupoe.htm
http://support.microsoft.com/defaul...wto/default.asp
- Set Up Newsreader

http://www.dts-l.org/goodpost.htm
http://www.catb.org/~esr/faqs/smart-questions.html
http://aumha.org/nntp.htm - list of MS newsgroups
microsoft.public.test.here - MS group to test if your newsreader is
working properly
http://www.mailmsg.com/SPAM_munging.htm - how to munge email address
http://www.blakjak.demon.co.uk/mul_crss.htm - multiposting vs.
crossposting

Some newsreaders for Windows
http://www.forteinc.com/agent/index.php - for Forte
http://www.mozilla.org (Thunderbird does newsgroups)
http://gravity.tbates.org/

-------------------------------------

From: Lanwench [MVP - Exchange] on 4 Dec 2009 15:08

From: Paul van Brouwershaven on 5 Dec 2009 06:52

On 4 dec, 18:01, Firestone <Firestone.42o...(a)DoNotSpam.com> wrote:
> +-------------------------------------------------------------------+
> |Filename: foutmelding outlook certificaat.doc |
> |Download:http://forums.techarena.in/attachment.php?attachmentid=10378|
> +-------------------------------------------------------------------+
The first screenshot in this file is giving an error of a certificate
with a name (CN) that is not corresponding with the url you are
requesting. Probably because you didn't used a SAN certificate for
your configuration.

All other screenshots are from a certificate that are self signed and
not a certificated issued by Godaddy or an other trusted CA.

You need a UCC/SAN certificate as Lanwench already said

Pleas check these manuals (available in Dutch & English), if these are
not helping you just give them a call, they can help you with the
installation!

CSR generation:
http://www.networking4all.com/nl/helpdesk/ssl+certificaten/handleidingen/microsoft/exchange+2007/csr+aanmaken/

Certificate installation:
http://www.networking4all.com/nl/helpdesk/ssl+certificaten/handleidingen/microsoft/exchange+2007/certificaat+installeren/

SSL Certificate installation check, including a message for missing
intermediates:
http://www.ismysitesafe.com

From: Firestone on 5 Dec 2009 08:40

We requested an UCC certificate with Godaddy. I installed it like everyone
is suggesting me. Have no problems with OWA internally & externally. Only
with Outlook 2007 clients.

"Paul van Brouwershaven" wrote:

> On 4 dec, 18:01, Firestone <Firestone.42o...(a)DoNotSpam.com> wrote:
> > +-------------------------------------------------------------------+
> > |Filename: foutmelding outlook certificaat.doc |
> > |Download:http://forums.techarena.in/attachment.php?attachmentid=10378|
> > +-------------------------------------------------------------------+
> The first screenshot in this file is giving an error of a certificate
> with a name (CN) that is not corresponding with the url you are
> requesting. Probably because you didn't used a SAN certificate for
> your configuration.
>
> All other screenshots are from a certificate that are self signed and
> not a certificated issued by Godaddy or an other trusted CA.
>
> You need a UCC/SAN certificate as Lanwench already said
>
> Pleas check these manuals (available in Dutch & English), if these are
> not helping you just give them a call, they can help you with the
> installation!
>
> CSR generation:
> http://www.networking4all.com/nl/helpdesk/ssl+certificaten/handleidingen/microsoft/exchange+2007/csr+aanmaken/
>
> Certificate installation:
> http://www.networking4all.com/nl/helpdesk/ssl+certificaten/handleidingen/microsoft/exchange+2007/certificaat+installeren/
>
> SSL Certificate installation check, including a message for missing
> intermediates:
> http://www.ismysitesafe.com
> .
>

| Next | Last
Pages: 1 2
Prev: Cannot start SBS Web Applications
Next: Migration Wizard