IWETHEY v. 0.3.0 | TODO
1,095 registered users | 0 active users | 0 LpH | Statistics
Login | Create New User
IWETHEY Banner

Welcome to IWETHEY!

IWETHEY Home / IWETHEY Board / Software and Applications Forum / Exchange 2010 Goobs?
Post #381,454
by mmoffitt
10/1/13 9:27:19 AM
Reply
New Exchange 2010 Goobs?
I've got a certificate problem that is defying me. I'm getting the error "The certificate status could not be determined because the revocation check failed." I've done the following stuff except that we do not have a proxy in our environment.

http://support.micro...sd=rss&spid=13965

http://dxpetti.com/blog/?p=378

http://exchangeserve...d-proxy-settings/

This is a thawte cert that I successfully imported, but in the Exchange Management Console the above error appears. I was able to assign SMTP, POP and IMAP services to the certificate via the Exchange Management Shell, but it ain't working and I cannot resolve this error. Any clues appreciated.

Thanks,
Mikem
Post #381,459
by folkert
Picture of folkert
10/1/13 10:25:55 AM
Reply
New Intermediate Certificate Installed?
I get those kinds of errors when the machine in questions doesn't have the intermediate chained certificate installed.

It can't "chain" back to the source it is trying to check against, in a trusted manner.
--
greg@gregfolkert.net
"No snowflake in an avalanche ever feels responsible." --Stanislaw Jerzy Lec
Post #381,463
by mmoffitt
10/1/13 10:47:40 AM
Reply
New Yes.
At least I believe so. In the mmc, the certificate path is right and it reports the certificate is okay. Would not having the intermediate certificate not report an error?
Post #381,470
by folkert
Picture of folkert
10/1/13 11:08:05 AM
Reply
New You can have a Certificate...
that is chained and the Root Certificate is known... and check out perfect.

But when verifying the chain of certs, if the Intermediate is not installed... it puckers up and says it can't verify.

When you got the Thawte Certificate, you should have been given instructions on how to install the cert... also they usually provide a link to the "intermediate" stuff as a very small and non-noticeable disclaimer that say this other certificate must also be imported.

Usually Intermediate certs are not needed for Client machines (aka browsers or mail clients, etc...) since they have the root certs and the servers usually provide they ssl cert and the intermediate cert for the clients to get there. Since you have a server and it self is a client to itself... you need to add the intermediate cert specifically.
--
greg@gregfolkert.net
"No snowflake in an avalanche ever feels responsible." --Stanislaw Jerzy Lec
     Exchange 2010 Goobs? - (mmoffitt) - (3) - Oct. 1, 2013, 09:27:19 AM EDT
         Intermediate Certificate Installed? - (folkert) - (2) - Oct. 1, 2013, 10:25:55 AM EDT
             Yes. - (mmoffitt) - (1) - Oct. 1, 2013, 10:47:40 AM EDT
                 You can have a Certificate... - (folkert) - Oct. 1, 2013, 11:08:05 AM EDT

I think mushrooms are like steroids in this. See how you get bigger and stronger?
63 ms