The SSL certificate is essential for secure email communication as it encrypts the outgoing messages and protects them from any unauthorized accesses. Sometimes, when you are installing Exchange Server 2010, then you can get a following security alert message –
‘The security certificate was issued by a company you have chosen not to trust. View the certificate to determine whether you want to trust the certifying authority.’
Cause of the warning
The warning message occurs due to the inability of the Autodiscover feature to connect the Outlook with the SSL certificate. The Autodiscover is a special feature which automatically connects the Outlook versions ( computer and mobile) with the Exchange’s mailboxes. It also configures the mailbox settings automatically. Whenever you install a new Exchange Server or migrate from older to a new one, then Client Server Access Role is installed, and the Autodiscover service is registered automatically in AD.
When the Outlook tries to connect with Autodiscover by using an SSL certificate (https protocol), then it gives the warning because Exchange 2010 Client Access Server is configured with only a self-signed SSL certificate on its first installation.
Here are some solutions which you need to follow to manage the SSL certificate –
- Reissue a new SSL certificate from a trusted third-party vendor.
- Purchase an original SSL certificate from an authorized certificate vendor and install to the Exchange Server.
Install SSL Certificate at the Exchange Server 2010
After purchasing the SSL certificate, you can install it at the Exchange with the help of Exchange Management Console. Follow the below steps:
- Start Exchange Management Console from applications and go to ‘Manage Database’ option.
- Select the ‘Server Configuration.’
- Here, you can see the SSL certificate with the name you requested. For example, ‘your-domain-name.cer.’
- Select the certificate and click the ‘Complete Pending Request’ under the ‘Actions’ menu.
- Browse the SSL certificate and click Open, then click Complete.
If you are using IIS Server 7 or 8 series, then you may get the error message that “The source data is corrupted or not properly Base64 encoded.”
Refresh the certificate and check the status under ‘Self Signed’ option. If it says ‘False,’ then it is fine but if it says ‘True,’ then it means that either you have selected a wrong certificate, or you had requested the certificate on a different Exchange Server.
Enable the SSL Certificate
- Go back to Exchange Management Console and choose ‘Manage Databases.’
- Select ‘Server Configuration’ and click ‘Assign Services to Certificate.’
- Select various services for which you want to enable the certificate. Finally, click Next >> Assign >> Finish.
The SSL certificate is active and is securing your email communication at Exchange Server 2010. It will ensure secure client-server communication, protect you from any external user or hacker, legitimize your identity to the network, and improve the client trust.
But, when you are migrating from one version of Exchange to another, you may face such issues constantly before and after migration, or during the migration itself. And after similar warning as errors, you may not be having time to handle such issues. If you want to save yourself from facing any complex problems during migration, then you should use professional Exchange migration tools like Kernel Migrator for Exchange software. It can conduct safe and secure migration and hide all the complexities from you.
Kernel Migrator for Exchange
Kernel Migrator for Exchange accesses the Exchange data from one Exchange Server to another Exchange Server. The great benefit of using the software is that you can schedule your migration at any desired time. It also does not affect the Exchange availability, and users can continue to access their Exchange mailboxes.