I am running Outlook 2007/Outlook 2003 on Windows 7/XP SP3 systems with POP mail from a non-Exchange local e-mail server. The mail server's security certificate expired. I created a new self-signed certificate and installed the new server certificate on the clients; however, I am getting certificate expired popups from Outlook.
In IE 8/7 I deleted the expired certificate from the Trusted Root Certificate Authorities, then imported the new certificate, but am still getting prompted from Outlook about the server certificate being expired.
Internet Security Warning
The server you are connected to is using a security certificate that could not be verified.
A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file
Do you want to continue using this server
View certificate
Yes NO
When I select View certificate and select the Certificate Path tab, it shows the new server certificate and a subset with the old expired certificate.
Servername certificate (Valid certificate)
Servername certificate (invalid certificate)
Outlook is reading the expired certificate instead of the new certificate. How do I remove the subset from the certificate path?
No right click is available, and the delete button on the keyboard does nothing. If I need to edit the registry, where do I find the info for the certificate within the registry? There are no certificates listed under e-mail security. There has to be somewhere in the registry that the certificate information is being stored for Outlook to verify. The client has a cache of the old expired certificate somewhere that needs to be cleared.
My users are getting very annoyed with this and I need a solution please.
Please help!
Software/Hardware used:
Zimbra mail on SLES 10, Outlook 2007/2003, IE 8/7, Win 7/XPsp3
ASKED: February 3, 2011 10:46 PM
UPDATED: February 8, 2011 5:42 PM
Thanks for the input, Rechil; however, I had already done those steps and also clicked on the Advanced tab and set the certificate to be used for mail authentication.
I stumbled on the solution on my own.
I had renamed the old certificate but had left it in the directory. I moved the old certificate to another directory and ran the following command on the server.
openssl x509 -in /opt/zimbra/ssl/zimbra/ca/ca.pem -outform DER -out ca.der
The clients are now picking up the new cert from the server and all is working well with no prompts.
I have found that self-signed certs are rather problematic. The method proposed by Rechil does work, most times, but as you found out, it does not always work. However, right now, that is not your primary concern. You are getting a message indicating that the cert is expired. Since you have removed the old cert from the stores on the local machines, it would indicate that the problem lies on the server. You created a new cert and installed it. What did you do with the expired cert? Did you remove it from the server? If not, you will need to locate it and remove it.
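One way to locate a leftover expired certificate on the server, as the reply above suggests (an added example, not part of the original thread). It checks every file in a directory rather than matching on extension, because the old certificate here had been renamed; the function names, the directory argument and the constructed demo certificates are assumptions.

```shell
#!/bin/sh
# find_stale_certs DIR [WINDOW_SECONDS]
# Prints "path<TAB>notAfter" for every PEM certificate in DIR that is
# expired, or that expires within WINDOW_SECONDS (default 0 = expired now).
find_stale_certs() {
    dir=$1
    window=${2:-0}
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        # Skip anything that is not a parseable PEM certificate (keys, CSRs).
        openssl x509 -in "$f" -noout >/dev/null 2>&1 || continue
        # -checkend exits non-zero when the cert expires inside the window.
        if ! openssl x509 -in "$f" -noout -checkend "$window" >/dev/null 2>&1; then
            end=$(openssl x509 -in "$f" -noout -enddate | cut -d= -f2)
            printf '%s\t%s\n' "$f" "$end"
        fi
    done
    return 0
}

# Builds a throwaway directory with two constructed self-signed certs:
# a renamed short-lived one (1 day) and its replacement (365 days).
# Hypothetical names; nothing here touches a real Zimbra install.
make_demo_certs() {
    tmp=$(mktemp -d)
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=mail.example.test" \
        -keyout "$tmp/old.key" -out "$tmp/server.pem.old" 2>/dev/null
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -subj "/CN=mail.example.test" \
        -keyout "$tmp/new.key" -out "$tmp/server.pem" 2>/dev/null
    printf '%s\n' "$tmp"
}

# When run as a script: ./find_stale_certs.sh DIR [WINDOW_SECONDS]
if [ "$#" -gt 0 ]; then
    find_stale_certs "$@"
fi
```

Run it with the server's certificate directory as the argument; any file it lists is a candidate to move out of that directory before regenerating the CA file.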