SSL HELL!!!
Granted, I don't know that much about SSL but the fog gets much much thicker now that I'm working on Exchange 2007 with ISA 2006. Nearly all organizations that I've worked with/for have always used self signed certs. I'm working with a client that has:

(1) Single server Exchange 2007 Enterprise
(1) ISA 2006
Using a self signed cert from a server that no longer exists in the domain for the default website in IIS.

The SSL cert just expired and now OWA clients can't connect. On the logs I'm getting:

Inbound direct trust certificate with thumbprint B9D0E6B86A6BF1D53X3F10XXXADF6334A2A98XXX has expired. Run New-ExchangeCertificate to generate a new direct trust certificate.

So I did just that: I ran NEW-EXCHANGECERTIFICATE in the shell management console. Still I get that message. Am I supposed to do something else?

ALSO - I installed the Certsrv onto the Exchange box and generated a new cert for OWA and installed it in IIS and imported it into the Cert store but it's still not working. The clients are getting:

Error Code: 500 Internal Server Error. The certificate chain was issued by an authority that is not trusted. (-2146893019)

If I VIEW the cert in IIS, it looks hunky dory and IT says that it's ok. I haven't touched ISA yet as I am remoting in. They are planning on buying SSL certs as I'm pretty sure that's why their ActiveSync isn't working. Can anyone confirm or deny that this would be the cause? HELP ME. Please please! Some expert PLEASE help!!!!!!!!!!
February 7th, 2008 3:57am

"authority that is not trusted": Install Trust Authority again in Trusted Root CA! Try, man.
February 7th, 2008 5:55pm

Hi, It will be much easier to buy an SSL cert from a trusted provider. In this way you don't need to install root certificates on mobile devices and OWA clients won't get a warning about a certificate from an untrusted source. Leif
February 8th, 2008 1:08am

Thanks Leif, that's helpful information. I have an ISA 2006 server in front of the Exchange and this, I believe, is where the problem is occurring and I can't figure it out with the self signed cert. I really think it's ok on the Exchange box but when I import it to the ISA box and try to use it on the web listener it doesn't like the cert. It says that it's invalid. My question to you is: when we buy certs from, do I need to buy one for the Exchange box AND one for the ISA box? Thanks!
February 11th, 2008 3:44am

I have the same problem. Try this article. (Try to do it the exact same way.) http://www.isaserver.org/articles/2004pubowartm.html Regards
March 4th, 2008 10:49am

Hi mate! Do you still have this problem? What is the Certificate Status? Is the Certification Path correct? Cheers, Yuri
April 3rd, 2008 4:14pm

Is the CA certificate of the new OWA certificate available to the clients? Clients must have that Root CA certificate.
April 3rd, 2008 4:32pm
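
The certificate status and certification path questions asked above can be answered from the shell. This is an added example, not part of any poster's reply; it assumes the server certificate sits in the computer's Personal store (`Cert:\LocalMachine\My`) and uses only calls available to the PowerShell 1.0 that ships with Exchange 2007.

```powershell
# Added example, not from the thread. Run on the server whose certificate is
# in question; the trust result reflects that machine's own root store.
$now = Get-Date

foreach ($cert in Get-ChildItem Cert:\LocalMachine\My) {
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    # Internal and self-signed certs often have no reachable CRL, so skip
    # revocation and report on validity dates and trust only.
    $chain.ChainPolicy.RevocationMode = 'NoCheck'

    # Build() returns $false if any element is expired or the root is untrusted.
    $chainOk = $chain.Build($cert)

    # Reasons for failure, e.g. NotTimeValid or UntrustedRoot.
    $problems = @($chain.ChainStatus | ForEach-Object { $_.Status.ToString() })

    # Certification path as this machine resolves it: leaf first, root last.
    $path = @($chain.ChainElements | ForEach-Object { $_.Certificate.Subject })

    $dates = 'in date'
    if ($cert.NotAfter -lt $now)  { $dates = 'EXPIRED' }
    if ($cert.NotBefore -gt $now) { $dates = 'NOT YET VALID' }

    "Thumbprint : $($cert.Thumbprint)"
    "Subject    : $($cert.Subject)"
    "Issuer     : $($cert.Issuer)"
    "Not after  : $($cert.NotAfter) ($dates)"
    "Chain OK   : $chainOk"
    if ($problems.Count -gt 0) {
        "Problems   : $([string]::Join(', ', $problems))"
    }
    "Path       : $([string]::Join(' -> ', $path))"
    ""
}
```

Run it on both the Exchange box and the ISA box: a certificate that builds cleanly on one can still report `UntrustedRoot` on the other if the issuing CA's root certificate was never imported into that machine's Trusted Root Certification Authorities store.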

I should have closed this thread a long time ago. Yes, the cert was in the correct path. Tried everything I could think of but just couldn't make the self-certs work, it was madness. So, I just advised the company that hired me to buy certs from a trusted authority. After that it worked like a charm and got it to work without any hassles within minutes. Thanks to all those that posted comments. Chig
April 3rd, 2008 7:36pm

This topic is archived. No further replies will be accepted.
