Using certificate with Exchange 2007
Exchange 2007, Outlook, Outlook 2000, Outlook error messages, Root Certificate, Windows Root Certificate
Hello
need you help please to understand this issue
i installed a selfsigned Windows certificate root to be used for connection of intern client. this certificate will be expired in few days, i got the warning ID 12018 in the app log
After that we installed a private certificate (not selfsigned to be used for external clients) and we renewed the old certificate with Nex-Exchangecertificate command (we duplicated the certificate).
Now, when i opened Outlook 2000 (MAPI) i got the warning below:
"The server on which you are connected contain a certificate that can not be verified
The certificate string was analysed but the root certificate is not approved"
below the result of Get-ExchangeCertificate command:
AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System
.Security.AccessControl.CryptoKeyAccessRule, System.Securi
ty.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {HV0101, HV0101.fsb.priv}
HasPrivateKey : True
IsSelfSigned : True
Issuer : CN=HV0101
NotAfter : 04/06/2009 14:16:15
NotBefore : 04/06/2008 14:16:15
PublicKeySize : 2048
RootCAType : None
SerialNumber : 8373540B5A305D8B498C3AEB1EE3201C
Services : IMAP, POP, SMTP
Status : Valid
Subject : CN=HV0101
Thumbprint : C33B068ED7B4ACF840AA65E6CF00E6F937D58A68
AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System
.Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {hv0101.fsb.priv}
HasPrivateKey : True
IsSelfSigned : False
Issuer : CN=Commune_Fontenay, DC=fsb, DC=priv
NotAfter : 13/01/2010 15:28:30
NotBefore : 14/01/2008 15:28:30
PublicKeySize : 1024
RootCAType : Enterprise
SerialNumber : 1C87EB6400000000000F
Services : IIS
Status : Valid
Subject : CN=hv0101.fsb.priv, OU=DSI, O=Commune de Fontenay sous Boi
s, L=Fontenay sous Bois, S=94125, C=FR
Thumbprint : F530E67AB5C268DF2BCEFC830C8D89601FDF5FD3
AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System
.Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {webmail.fontenay-sous-bois.fr}
HasPrivateKey : True
IsSelfSigned : False
Issuer : CN=Commune_Fontenay, DC=fsb, DC=priv
NotAfter : 13/01/2010 15:01:30
NotBefore : 14/01/2008 15:01:30
PublicKeySize : 1024
RootCAType : Enterprise
SerialNumber : 1C6F31CD00000000000E
Services : None
Status : Valid
Subject : CN=webmail.fontenay-sous-bois.fr, OU=DSI, O=Commune de Fon
tenay sous Bois, L=Fontenay sous Bois, S=94125, C=FR
Thumbprint : D1DB9726F7CCE18F0132624C25E0E7E8E967BF38
AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System
.Security.AccessControl.CryptoKeyAccessRule, System.Securi
ty.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {HV0101, HV0101.fsb.priv}
HasPrivateKey : True
IsSelfSigned : True
Issuer : CN=HV0101
NotAfter : 19/06/2008 17:47:09
NotBefore : 19/06/2007 17:47:09
PublicKeySize : 2048
RootCAType : GroupPolicy
SerialNumber : F4B02D0339D678B94DB322D5270922D1
Services : IMAP, POP, SMTP
Status : Valid
Subject : CN=HV0101
Thumbprint : B2CD27E95C47BAEF990C9A192A071BBB34757C34
Software/Hardware used:
Software/Hardware used:
ASKED:
June 6, 2008 7:09 AM
UPDATED:
June 6, 2008 1:23 PM
Answer Wiki:
This means that your clients do not understand the authority of the root CA that issued this certificate. The traffic is still encrypted but the identity of the server may be in question to the clients. You will need to somehow get the ROOT CA published to the clients so they know it is authoritative for your organization.
To see all answers submitted to the Answer Wiki: View Answer History.
RSS - Discussions Help
Discuss This Question:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
