TLS not working due to invalid certificate
in [Microsoft Exchange]
|
From: chriske911 on 18 May 2010 04:37 without changing anything on our exchange 2007 server I got folowing error after a reboot: A certificate for the hostname "www.eu.company.com" could not be found. SSL or TLS encryption cannot be made to the IMAP service. running Get-ExchangeCertificate |fl gives me following result: AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessRule} CertificateDomains : {www.eu.company.com, autodiscover.eu.company.com, mail.eu.company.com,owa.eu.company.com, mail.eu.company.com, mailserver.eu.company.com, mailserver, eu.company.com} HasPrivateKey : True IsSelfSigned : False Issuer : CN=GlobalSign Domain Validation CA, O=GlobalSign nv-sa, OU=Domain Validation CA, C=BE NotAfter : 14/03/2011 NotBefore : 18/02/2010 PublicKeySize : 2048 RootCAType : Unknown SerialNumber : 0100000000012628645D6A Services : IMAP, POP, IIS, SMTP Status : Invalid Subject : CN=www.eu.company.com, O=www.eu.company.com, OU=Domain Control Validated, C=BE Thumbprint : xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessRule,System.Security.AccessControl.CryptoKeyAccessRule} CertificateDomains : {mailserver.eu.company.com} HasPrivateKey : True IsSelfSigned : False Issuer : CN=euca, DC=eu, DC=icl-ltd, DC=com NotAfter : 5/12/2010 NotBefore : 5/12/2009 PublicKeySize : 1024 RootCAType : Enterprise SerialNumber : 4846622B00050000080C Services : SMTP Status : Valid Subject : CN=mailserver.eu.company.com Thumbprint : xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx I did notice the invalid status but that was never an issue before and OWA and rpc over http are still working fine the only thing that isn't working is IMAP with TLS, all other services are OK what can I do to get TLS working again? thnx
From: WorkingHardInIt on 18 May 2010 16:30 Check if your Intermediate Authority's certificate in the computer's Intermediate Certificate Authorities store hasn't expired. If so get the most recent one from the CA's website and import it. Also verify the correct cert is being used. "chriske911" <chriske911nosp(a)m.yahoo.com> wrote in message news:#yg7UVm9KHA.3176(a)TK2MSFTNGP05.phx.gbl... > without changing anything on our exchange 2007 server I got folowing error > after a reboot: > > A certificate for the hostname "www.eu.company.com" could not be found. > SSL or TLS encryption cannot be made to the IMAP service. > > running Get-ExchangeCertificate |fl gives me following result: > > AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, > System.Security.AccessControl.CryptoKeyAccessRule, > System.Security.AccessControl.CryptoKeyAccessRule} > CertificateDomains : {www.eu.company.com, autodiscover.eu.company.com, > mail.eu.company.com,owa.eu.company.com, mail.eu.company.com, > mailserver.eu.company.com, mailserver, eu.company.com} > HasPrivateKey : True > IsSelfSigned : False > Issuer : CN=GlobalSign Domain Validation CA, O=GlobalSign > nv-sa, OU=Domain Validation CA, C=BE > NotAfter : 14/03/2011 > NotBefore : 18/02/2010 > PublicKeySize : 2048 > RootCAType : Unknown > SerialNumber : 0100000000012628645D6A > Services : IMAP, POP, IIS, SMTP > Status : Invalid > Subject : CN=www.eu.company.com, O=www.eu.company.com, > OU=Domain Control Validated, C=BE > Thumbprint : xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx > > AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, > System.Security.AccessControl.CryptoKeyAccessRule,System.Security.AccessControl.CryptoKeyAccessRule} > CertificateDomains : {mailserver.eu.company.com} > HasPrivateKey : True > IsSelfSigned : False > Issuer : CN=euca, DC=eu, DC=icl-ltd, DC=com > NotAfter : 5/12/2010 > NotBefore : 5/12/2009 > PublicKeySize : 1024 > RootCAType : Enterprise > SerialNumber : 4846622B00050000080C > Services : SMTP > Status : Valid > Subject : CN=mailserver.eu.company.com > Thumbprint : xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx > > I did notice the invalid status but that was never an issue before > and OWA and rpc over http are still working fine > > the only thing that isn't working is IMAP with TLS, all other services are > OK > > what can I do to get TLS working again? > > thnx > >
From: chriske911 on 19 May 2010 09:42 After serious thinking WorkingHardInIt wrote : > Check if your Intermediate Authority's certificate in the computer's > Intermediate Certificate Authorities store hasn't expired. If so get the most > recent one from the CA's website and import it. Also verify the correct cert > is being used. > "chriske911" <chriske911nosp(a)m.yahoo.com> wrote in message > news:#yg7UVm9KHA.3176(a)TK2MSFTNGP05.phx.gbl... >> without changing anything on our exchange 2007 server I got folowing error >> after a reboot: >> >> A certificate for the hostname "www.eu.company.com" could not be found. SSL >> or TLS encryption cannot be made to the IMAP service. >> >> running Get-ExchangeCertificate |fl gives me following result: >> >> AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, >> System.Security.AccessControl.CryptoKeyAccessRule, >> System.Security.AccessControl.CryptoKeyAccessRule} >> CertificateDomains : {www.eu.company.com, autodiscover.eu.company.com, >> mail.eu.company.com,owa.eu.company.com, mail.eu.company.com, >> mailserver.eu.company.com, mailserver, eu.company.com} >> HasPrivateKey : True >> IsSelfSigned : False >> Issuer : CN=GlobalSign Domain Validation CA, O=GlobalSign >> nv-sa, OU=Domain Validation CA, C=BE >> NotAfter : 14/03/2011 >> NotBefore : 18/02/2010 >> PublicKeySize : 2048 >> RootCAType : Unknown >> SerialNumber : 0100000000012628645D6A >> Services : IMAP, POP, IIS, SMTP >> Status : Invalid >> Subject : CN=www.eu.company.com, O=www.eu.company.com, OU=Domain >> Control Validated, C=BE >> Thumbprint : xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx >> >> AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, >> System.Security.AccessControl.CryptoKeyAccessRule,System.Security.AccessControl.CryptoKeyAccessRule} >> CertificateDomains : {mailserver.eu.company.com} >> HasPrivateKey : True >> IsSelfSigned : False >> Issuer : CN=euca, DC=eu, DC=icl-ltd, DC=com >> NotAfter : 5/12/2010 >> NotBefore : 5/12/2009 >> PublicKeySize : 1024 >> RootCAType : Enterprise >> SerialNumber : 4846622B00050000080C >> Services : SMTP >> Status : Valid >> Subject : CN=mailserver.eu.company.com >> Thumbprint : xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx >> >> I did notice the invalid status but that was never an issue before >> and OWA and rpc over http are still working fine >> >> the only thing that isn't working is IMAP with TLS, all other services are >> OK >> >> what can I do to get TLS working again? >> >> thnx >> >> when I look in the local certificates MMC everything is OK Globalsign root and intermediate certificates are valid certificate chain is OK certificate wise I think it is all dandy fine I do find a number of links in regards to this error when I Google it so far I haven't been able to solve it following the many leads anyone else here that has had this issue? grtz
|
Pages: 1 Prev: explain UCE SCL rating, exchange 6.5 Next: exchange 2003 folder notofication |