This CA root Certificate is not trusted. To Enable trust, install this certificate in the Trusted Root Certification Authorities store.

On previous article we talked about , certificate warning

Information you exchange with this site cannot be viewed or changed by others. However, there is a problem with the site’s security certificate.

 

The errors was causing by expired internal certificate on the CAS server or servers, as the limitation of internal issued certificates, ( expire in 1 year) we need to renew the expired certificate.

here is the link for more information

Here is summary how to deal with this situation

• Get-ExchangeCertificate | FL  ( to see the status of cert installed and the thumbprint
• Get-ExchangeCertificate -Thumbprint 56BB128980C53883BBF09AA0281FBC6471FB04FE | New-Certificate

**** you need to place your thumbprint

• Get-ExchangeCertificate | FL  ( one more time to see the certs)

At this point you will see two of them , pay attention one is “Valid” one is not, it is Invalid.

you want to remove the Invalid one by typing

• Remove-ExchangeCertificate –thumbprint 56BB128980C53883BBF09AA0281FBC6471FB04FE

Dont forget again the replace the correct thumbprint

Now you might need to enable the new cert with services

• Enable-exchangecertificate -services IMAP, POP, UM, IIS, SMTP -Thumbprint DBA3601A10DF90E0F00462C03940C90B8BA87292

last time to make sure issue

• Get-ExchangeCertificate | FL 

verify the Cert is valid and correct services are enable to use this internal cert.

oz Casey Dedeal,

MVP (Exchange)
MCITP (EMA), MCITP (SA)
MCSE 2003, M+, S+, MCDST
Security+, Project +, Server +

Http://smtp25.blogspot.com (Blog)

Http://telnet25.spaces.live.com (Blog)

Http://telnet25.wordpress.com (Blog