Exchange Certificate Popup

1385 pts.
Microsoft Exchange 2007
Microsoft Outlook 2010
SSL Certificates
SSL Exchange
I get an issue on some users where Certificate error popup pops up, i narrowed down that this only happens to some users using outlook 2010, anyone got any info regarding this or what i need to look at? We run Exchange 2007 Exchange 2007 self signed smtp cert and havent got a PKI in place We only use entrust as our Trusted Cert Authority for Webmail SSL, Autodiscover etc, Thanks

Software/Hardware used:
Exchange 2007, Outlook 2010

Answer Wiki

Thanks. We'll let you know when a new response is added.

I had used ever fix I have read about none worked. I went to Outlook and was checking  all the tools checked everything I could check and found where I could check use Default program for Outlook  and I do not get the popup anymore.

Discuss This Question: 3  Replies

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.
  • Subhendu Sen
    It is not a solutions, better take as suggestions or just for try out this.... If there is auto-discover with Outlook 2007, it requires authentication separately from OWA. There are several ways of setting up the certificate to eliminate the Pop-up..... New SSL Cert from external authority with Multiple Names , it is easy to implement but costly or SRV record in external DNS and requires users (who have faced) to accept a pop-up and check don't show this again.
    138,660 pointsBadges:
  • LauraN
    Hi there, First, this depends on the specific error they are receiving. I found a similar issue on the ExchangeServer forums regarding the certification error: The security certificate was issued by a company you have not chosen to trust Hope there is something in there that'll help you out. The first tip regards what he calls 'internal users': When internal user try to use outlook to connect exchange Server, outlook will try to find the e-mail address and exchange server name from AD. After that it will look for SCP and then find the correct the autodiscover server to connect, retrieve settings. So during the process of connecting to exchange server, it will have to use autodiscover to connect and retrieve user settings. So certificate regard to autodiscover will cause the issue. Another user states that the certificate warning is considered by "design", i.e. domain joined Outlook 2007 clients would ignore the validity check. This is not the case with Exchange 2010, Outlook 2010. The only way around this is to either purchase a 3rd party SAN certificate from a public CA or if it's for testing purposes only, install Windows 2008 Active Directory CA and initiate a SAN certificate request from Exchange 2010 which your Windows 2008 CA will issue. This works a charm and I have done it a number of times in a dev environment. Finally, someone provided this tip: If, as recommended , you want to use an external 3rd party certificate for your exchange server you have to change the autodiscover internal URI for stopping outlook to prompt for certificate warning I've generate a single name ( not SAN ) certificate for our server ie ( the internal domain being company.local ) Then I installed it on the CAS server I used the following command on the CAS server to change the URI Set-ClientAccessServer -Identity "<ExchangeClient Access Server name>" -AutoDiscoverServiceInternalUri "" Hope this help stefano
    0 pointsBadges:
  • IceCubbe
    @Laura Thanks for your response, i was just hoping for a way around it without creating a PKI or purschase a cert, but i guess we will just have to go that route, Regards
    1,385 pointsBadges:

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

Thanks! We'll email you when relevant content is added and updated.


Share this item with your network: