Using certificate with Exchange 2007

20 pts.
Tags:
Exchange 2007
Outlook
Outlook 2000
Outlook error messages
Root Certificate
Windows Root Certificate
Hello need you help please to understand this issue i installed a selfsigned Windows certificate root to be used for connection of intern client. this certificate will be expired in few days, i got the warning ID 12018 in the app log After that we installed a private certificate (not selfsigned to be used for external clients) and we renewed the old certificate with Nex-Exchangecertificate command (we duplicated the certificate). Now, when i opened Outlook 2000 (MAPI) i got the warning below: "The server on which you are connected contain a certificate that can not be verified The certificate string was analysed but the root certificate is not approved" below the result of Get-ExchangeCertificate command: AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System .Security.AccessControl.CryptoKeyAccessRule, System.Securi ty.AccessControl.CryptoKeyAccessRule} CertificateDomains : {HV0101, HV0101.fsb.priv} HasPrivateKey : True IsSelfSigned : True Issuer : CN=HV0101 NotAfter : 04/06/2009 14:16:15 NotBefore : 04/06/2008 14:16:15 PublicKeySize : 2048 RootCAType : None SerialNumber : 8373540B5A305D8B498C3AEB1EE3201C Services : IMAP, POP, SMTP Status : Valid Subject : CN=HV0101 Thumbprint : C33B068ED7B4ACF840AA65E6CF00E6F937D58A68 AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System .Security.AccessControl.CryptoKeyAccessRule} CertificateDomains : {hv0101.fsb.priv} HasPrivateKey : True IsSelfSigned : False Issuer : CN=Commune_Fontenay, DC=fsb, DC=priv NotAfter : 13/01/2010 15:28:30 NotBefore : 14/01/2008 15:28:30 PublicKeySize : 1024 RootCAType : Enterprise SerialNumber : 1C87EB6400000000000F Services : IIS Status : Valid Subject : CN=hv0101.fsb.priv, OU=DSI, O=Commune de Fontenay sous Boi s, L=Fontenay sous Bois, S=94125, C=FR Thumbprint : F530E67AB5C268DF2BCEFC830C8D89601FDF5FD3 AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System .Security.AccessControl.CryptoKeyAccessRule} CertificateDomains : {webmail.fontenay-sous-bois.fr} HasPrivateKey : True IsSelfSigned : False Issuer : CN=Commune_Fontenay, DC=fsb, DC=priv NotAfter : 13/01/2010 15:01:30 NotBefore : 14/01/2008 15:01:30 PublicKeySize : 1024 RootCAType : Enterprise SerialNumber : 1C6F31CD00000000000E Services : None Status : Valid Subject : CN=webmail.fontenay-sous-bois.fr, OU=DSI, O=Commune de Fon tenay sous Bois, L=Fontenay sous Bois, S=94125, C=FR Thumbprint : D1DB9726F7CCE18F0132624C25E0E7E8E967BF38 AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System .Security.AccessControl.CryptoKeyAccessRule, System.Securi ty.AccessControl.CryptoKeyAccessRule} CertificateDomains : {HV0101, HV0101.fsb.priv} HasPrivateKey : True IsSelfSigned : True Issuer : CN=HV0101 NotAfter : 19/06/2008 17:47:09 NotBefore : 19/06/2007 17:47:09 PublicKeySize : 2048 RootCAType : GroupPolicy SerialNumber : F4B02D0339D678B94DB322D5270922D1 Services : IMAP, POP, SMTP Status : Valid Subject : CN=HV0101 Thumbprint : B2CD27E95C47BAEF990C9A192A071BBB34757C34
ASKED: June 6, 2008  7:09 AM
UPDATED: June 6, 2008  1:23 PM

Answer Wiki

Thanks. We'll let you know when a new response is added.

This means that your clients do not understand the authority of the root CA that issued this certificate. The traffic is still encrypted but the identity of the server may be in question to the clients. You will need to somehow get the ROOT CA published to the clients so they know it is authoritative for your organization.

Discuss This Question:  

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Thanks! We'll email you when relevant content is added and updated.

Following