SSL certificate issue for all clients

Question

I had exchange 2013 installed on Windows 2012 server and all way happy until I attempted to add remote access role. This failed the first time, and I had to remove the role and re-add the role. Remote Access is working fine, however, I now have a very annoying issue with every PC on the network not being able to confirm the SSL certificate. When outlook connects, and tries to set up the profile, we get an error like this:

enter image description here

Now this is the same error (but just a random google image) I have to then view the certificate and install on any machine and the end users certainly cannot cope with this. It used to work all nicely.

How can I fix this please?

I had to re-apply ssl certificates in IIS, and I suspect this is where the issue lies - can I reset all certificates?

Did you just generate an selfsigned cert when install the remote access role? I've only run that process once and I think somewhere it requires an ssl to be installed — Drifter104, Jul 15 '15 at 11:40

score 0 · Answer 1 · answered Jul 15 '15 at 11:42

0

This is a common issue when you use a self-signed certificate together with the CAS role.

You want to install a certificate that is not a self-signed certificate, from a CA in your organization, or by purchasing a third-party certificate.

Alternatively, if you want to use that certificate, and you're in an AD domain, you can use a GPO to distribute the certificate to client computers.

answered Jul 15 '15 at 11:42

Reaces

5,597
4
38
46

I will be purchasing an external domain one, eg remote.domain.com, but will I also then need an internal one too? svr.domain.local ? It worked until Remote Access screwed something up - can I put it back to how it was? OUtlook used to not have any issues with the automatically generated self assigned certificate it created when it was installed? – Simon Jul 15 '15 at 16:00

score 0 · Accepted Answer · answered Jul 22 '15 at 12:43

Here is what I did to fix the issue.

Purchased the external domain certificate and installed that as per instructions here https://www.digicert.com/csr-creation-microsoft-exchange-2013.htm
Installed as per here https://www.digicert.com/ssl-certificate-installation-microsoft-exchange-2013.htm
Resolved the certificate issue by following this post http:// www. unixwiz.net/techtips/deploy-webcert-gp.html

The last post shows how to get the certificate and then deploy via group policy.

All tested and working OK.

SSL certificate issue for all clients

2 Answers2