Security certificate in Outlook 2003 and 2007

25 pts.
Tags:
Microsoft Outlook 2003
Microsoft Outlook 2007
Microsoft Windows 7
Security
I am Running Outlook 2007/Outlook 2003 on Windows 7/XP sp3 systems with pop mail from non exchange local e-mail server. The mail servers security certificate expired. I created a new self signed certificate and installed new server certificate on the clients, however I am getting certificate expired popups from Outlook.

In IE 8/7 I deleted the expired certificate from the Trusted Root Certificate Authorities, then imported the new certificate, but am still getting prompted from Outlook about server certificate being expired.

Internet Security Warning

The server you are connected to is using a security certificate

that could not be verified.

A required certificate is not within its validity period when

verifying against the current system clock or the timestamp in

the signed file

Do you want to continue using this server

View certificate

Yes                  NO

When I select view the certificate and select Certificate Path tab, it shows new server certificate and  a subset with the old expired certificate.

Servername certificate (Valid certificate)

      Servername certificate (invalid certificate)

Outlook is reading the expired certificate instead of the new certificate. How do I remove the subset from the certificate path?

No right click is available, the delete button from the keyboard does nothing. If I need to edit the register where do I find the info for the certificate within the registry? There are no certificates listed under e-mail security. There has to be somewhere in the registry that the certificate information is being stored for outlook to verify. The client has a cache of the old expired certificate somewhere that needs to be cleared.

My users are getting very annoyed with this and I need a solution please.

Please help!



Software/Hardware used:
Zimbra mail on SLES 10, Outlook 2007/2003, IE 8/7, Win 7/XPsp3

Answer Wiki

Thanks. We'll let you know when a new response is added.

The error indicates that an access to the server is finding a certification with a name that does not match the one used to access the server. Often this is because the certification has the FQDN but the name used to access the server is the simple host name OR u have not trusted the certification authority at the root. Try out this…..
Install Certificate when prompts with the Certificate > click Next > click to select the Place all certificate in the following store check box. Now click Browse > click Trusted Root Certification Authorities, and click OK. Again cick Next > Finish > Ok
Hope this resolves your problems. I am providing a reference for better TroubleShoot.

Please update me again!

Discuss This Question: 2  Replies

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
  • GaryCarlisle
    Thanks for the input Rechil, however I had already done those steps and also click on the advance tab and set the certificate to be used for mail authentication. I stumbled on the solution on my own. I had renamed the old certificate but had left it in the directory. I moved the old certificate to another directory and ran the following command on the server. openssl x509 -in /opt/zimbra/ssl/zimbra/ca/ca.pem -outform DER -out ca.der The clients are now picking up the new cert from the server and all is working well with no prompts.
    25 pointsBadges:
    report
  • Stevesz
    I have found that self signed certs are rather problematic. The method proposed by Rechil does work, most times, but as you found out, it does not always work. However, right now, that is not your primary concern. You are getting a message indicating that the cert is expired. Since you have removed the old cert form the stores on the local machines, it would indicate that the problem lays on the server. You created a new cert and installed it. What did you do with the expired cert? Did you remove it from the server? If not, you will need to locate it and remove it.
    2,015 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Thanks! We'll email you when relevant content is added and updated.

Following