Certificate Problems....need info

[Guest ridergroov]

Hi Folks. I'm trying to setup my certificate on our server running

Server Standard 2003 R2. I setup the certificate for

example.example.com which points to our server. I get the prompt to

continue from IE 7 and then I install the certificate in the trusted

root certificate authorities just like any other but this one never

sticks. I get use OWA just fine once I accept to continue. The next

time I go back to the site I have to "continue" again like it doesn't

know the cert is installed and if I go to install it again it acts

like the first time and has the "Install Certificate" button still.

Every other site I install the certificate from goes right into the

site and I never get asked about it again. Also, I cannot connect any

smart phones to the server for mobile email access. I can do this on

our SBS server but not the standard server. I don't have to do

anything in the SBS except go through the wizard and it makes the cert

so I don't know what I am doing wrong when I am doing it through the

standard server. I go to add/remove programs and add the certificate

service as desribe in this article (http://www.msexchange.org/

tutorials/SSL-Enabling-OWA-2003-Using-Free-3rdParty-

Certificate.html). Any help would be much appreciated. Thanks!

[Guest Brian Delaney [MSFT]]

RE: Certificate Problems....need info

 

Hello,

 

Can you please verify what it says at the prompt that you are receving when

you click continue. Based on your description of the problem I believe the

prompt that is coming up is when the certification authority is untrusted.

But in fact, there are three different reasons that this prompt may come up

and you need to verify specifically which one is causing the problem (there

will be a yellow exclamation point beside the problematic one).

 

The three reasons that you would get this prompt are:

1. The name on the certificate does not match the site you are accessing.

Ex. if the subject of the certificate is http://www.contoso.com but the site you

have typed into IE is mail.contoso.com. In this case you will always be

prompted with this when accessing the site, and the only way to fix it is

to issue a new certificate with the correct subject name.

 

2. The certificate is not yet valid or expired.

 

3. The certificate was issued by a company that you have chosen not to

trust (which here is of course where you would need to add the issuing CA

to your trusted root store)

 

As you seem to have already accomplished number 3, I would suspect number 1

is your problem.

 

Hope this helps,

 

Brian Delaney

Premier Field Engineer

Microsoft Canada

 

http://www.microsoft.com/premier/

--

 

This posting is provided "AS IS" with no warranties, and confers no rights.

 

--------------------

| From: ridergroov <ridergroov1@comcast.net>

| Newsgroups: microsoft.public.windows.server.general

| Subject: Certificate Problems....need info

|

| Hi Folks. I'm trying to setup my certificate on our server running

| Server Standard 2003 R2. I setup the certificate for

| example.example.com which points to our server. I get the prompt to

| continue from IE 7 and then I install the certificate in the trusted

| root certificate authorities just like any other but this one never

| sticks. I get use OWA just fine once I accept to continue. The next

| time I go back to the site I have to "continue" again like it doesn't

| know the cert is installed and if I go to install it again it acts

| like the first time and has the "Install Certificate" button still.

| Every other site I install the certificate from goes right into the

| site and I never get asked about it again. Also, I cannot connect any

| smart phones to the server for mobile email access. I can do this on

| our SBS server but not the standard server. I don't have to do

| anything in the SBS except go through the wizard and it makes the cert

| so I don't know what I am doing wrong when I am doing it through the

| standard server. I go to add/remove programs and add the certificate

| service as desribe in this article (http://www.msexchange.org/

| tutorials/SSL-Enabling-OWA-2003-Using-Free-3rdParty-

| Certificate.html). Any help would be much appreciated. Thanks!

|