Exchange 2010 Certificate Issues
Basically we:
Create a Certificate Request *.req file using the EMC wizard (enabling it for OWA, ActiveSync etc)
Request a certificate from the internal subordinate CA via web enrolment
Issue the request via the Certificate Authority console
Export the certificate to a *.cer file via web enrolment
Complete the exchange certificate request via the EMC
We are in a unique scenario where the internet connection is direct to the web without using a proxy. We have investigated KB979694, and msexchangeblog article
“EMC and certificates with failed revocation checks in Exchange 2010” without any progress.
KB979694 This KB artical is the error we are getting but we still can not fix the issue.
http://support.microsoft.com/kb/979694
January 5th, 2011 7:34pm
open up and MMC, add the certificates snap of the local computer (you would need to be logged into the CAS server for this), look at the personal store and open the certificate in question. On the first tab do you see any red circles with an "X" in it?
If so you need to find out why the cert is hosed. It could be the date, it could be the certificate chain (meaning it doesnt have the root CA's cert loaded in the Trusted Root CA store or Intermediate CA's cert in the Intermediate CA's store), etc.Chris Morgan
Free Windows Admin Tool Kit Click here and download it now
January 5th, 2011 8:50pm
Thanks for the replay
I checked your sugestion and the Cert is fine the problem is with Exchange not accepting the cert as it can not connect to the internet correctly.
ATM I can not change the firewall only port 80/443 is allowed out and in to the internet and I am having problems tring to use the proxy as listed in KB979694.
I have screen shots at the Certs if anyone want's to see.
January 5th, 2011 9:12pm
Fixed the problem, The Exchange server needed the Cert chain installed
Free Windows Admin Tool Kit Click here and download it now
January 5th, 2011 11:53pm
Thought you said the cert was fine after I suggested to check the chain?Chris Morgan
January 5th, 2011 11:58pm
I was looking for the Red X in your message and looking at the Cert it was saying it was ok. Reread your message after lunch and found the issue.
Free Windows Admin Tool Kit Click here and download it now
January 6th, 2011 5:43am
On Thu, 6 Jan 2011 04:48:25 +0000, chocky005 wrote:
>Fixed the problem, The Exchange server needed the Cert chain installed
This is a pretty good tool to use when there are questions about
certificates being installe correctly:
http://www.digicert.com/help/
---
Rich Matheisen
MCSE+I, Exchange MVP
--- Rich Matheisen MCSE+I, Exchange MVP
January 6th, 2011 5:12pm
Thanks I'll have a look
Free Windows Admin Tool Kit Click here and download it now
January 6th, 2011 5:16pm