Hi,
We have a exc2010(cas,hub,mbx) and a exc2013 CU2(cas,mbx) in our environment.
Our old star certificate was expired and I renewed cert from godady.
I install new certificate in to both servers exc2010 and exc2013. than I deleted old Certificate.
I enabled new certificate for IIS and SMTP services.
the security warning still appears.
If I open outlook internal site, outlook works properly with no certificate errors.
When i open outlook from external site (from home) i am getting the error message "The Security certificate has Expired or is not yet
valid" after this error message, clients work and send-receive mail with no error
I tried to use self certitificate and new CA certificate for testing, but users when start, getting the security certificate has expired
message.
How can I find where is this particular certificate used on the server.
Any help would greatly appreciated.
---------------------------------------
there is no event log about certificate errors (like event id 12014 or 12014 or 12016)
---------------------------------------
I run Get-ExchangeCertificate | FL
there are 3 certificates and none of them are expired.
I could see 3 certificates in the registry. (HKLM>Software>Microsoft>SystemCertificates>My>Certificates)
I could see MMC(local comp and user) and IIS Manager my certificates and none of them are expired.
I cant find old certificates on exchange server
---------------------------------------
I completed virual directory settings and outlook anywhere settings. internal and external as mail.companyname.com.tr
I have a mail record on the dns, I can ping "mail.companyname.com.tr" via local ip address.
my outlook exc proxy settings
https://mail.companyname.com.tr
msstd:mail.companyname.com.tr
NTLM authentication
checked all checkboxes
---------------------------------------
I tried to use providers commands
set-OutlookProvider -id EXPR -server "exc2013.companyname.com.tr" -CertPrincipalName "msstd:*.companyname.com.tr
I'm getting the same behavior from Outlook on the external site. (certificate isnot yet valid)
---------------------------------------
I was think maybe problem occurs from client computers than I tried to clean the SSL cache on the clients from ie options. but I could see
old certificates.
and again The warning pops up when users open outlook, other than that it doesn't affect anything. Users are still able to access email.
---------------------------------------
we have a record autodiscover.companyname.com.tr on the global DNS and have autodiscover services record on the local DNS.
---------------------------------------
I've tested RPC/HTTP connectivity on the textexchangeconnectivity.com
here is result;
Testing the SSL certificate to make sure it's valid.
The SSL certificate failed one or more certificate validation checks.
Test Steps
The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server companyname.com.tr on port 443.
The Microsoft Connectivity Analyzer successfully obtained the remote SSL certificate.
Additional Details
Remote Certificate Subject: CN=*.companyname.com.tr, OU=Domain Control Validated, O=*.companyname.com.tr, Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.",
L=Scottsdale, S=Arizona, C=US.
Validating the certificate name.
The certificate name was validated successfully.
Additional Details
Host name companyname.com.tr was found in the Certificate Subject Alternative Name entry.
Certificate trust is being validated.
Certificate trust validation failed.
Test Steps
The Microsoft Connectivity Analyzer is attempting to build certificate chains for certificate CN=*.companyname.com.tr, OU=Domain
Control Validated, O=*.companyname.com.tr.
A certificate chain couldn't be constructed for the certificate.
Additional Details
The certificate chain has errors. Chain status = NotTimeValid.
---------------------------------------