Results 1 to 8 of 8

Thread: Outlook users getting certificate warning

  1. #1
    GaryC's Avatar
    GaryC is offline Junior Member
    Join Date
    Feb 2009
    Location
    Federal Way WA
    Posts
    8
    Rep Power
    6

    Question Outlook users getting certificate warning

    All of my outlook users are getting a server certificate warning.
    We have a mix of outlook clients that include outlook 2002, 2003, and 2007.
    We are not using the outlook connector but are accessing the Zimbra mail server via pop3 with ssl for incoming on port 995. When the users open outlook they are getting this warning

    "The server you are connecting to is using a security certificate that could not be verified. A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider. Do you wish to continue using this server? Yes No"

    I have added the server to the trusted sites in the Internet Options (Intranet) but did not solve. I have been reading a lot of stuff from the web but it all has to do with Exchange and Outlook. The certificate has not expired and was created from the SUSE/Zimbra mail server in our local domain. Can someone please help me figure out how to stop this pop up. It is not causing any problems with users receiving their mail as long as they click yes. It is just an annoyance.

    This was not a problem for our Thunderbird users, we just select accept always and it went away. I wish all my users would use Thunderbird.

  2. #2
    y@w's Avatar
    y@w
    y@w is offline Moderator
    Join Date
    Jan 2008
    Posts
    658
    Rep Power
    8

    Default

    Outlook is displaying that because your certificate is probably self-signed. You can either install a commercial certificate or here's an example of how to force Windows to accept the certificate: Microsoft Supportability e-Newsletter : Self-Signed Certificate issue when connecting to the exchange server

  3. #3
    GaryC's Avatar
    GaryC is offline Junior Member
    Join Date
    Feb 2009
    Location
    Federal Way WA
    Posts
    8
    Rep Power
    6

    Default outlook clients and ssl certificate

    The MS site that you point to may work if you are running Vista and using outlook for web clients. We are using XP pro and regular outlook clients and do not have the option to download and automatically install the self signed certificate. My question still stands how do I get this done.

    What ca file do I need to bring from the Zimbra server to the XP client or cell phone and how to I install it?

  4. #4
    penbrock is offline Intermediate Member
    Join Date
    Dec 2008
    Location
    Anchorage Alaska
    Posts
    17
    Rep Power
    6

    Default

    I have the same issue, was the fix ever found?

  5. #5
    GaryC's Avatar
    GaryC is offline Junior Member
    Join Date
    Feb 2009
    Location
    Federal Way WA
    Posts
    8
    Rep Power
    6

    Angry "Outlook users getting certificate warning"

    The only solution that we have found is to purchase a certificate from a known authority. Outlook will not accept self signed certificates. Neither will Smart phones/Blackberry's.

    If you find a way around this please let me know.

    GaryC

  6. #6
    YetiRick is offline Junior Member
    Join Date
    Mar 2009
    Posts
    5
    Rep Power
    6

    Default

    I know this is too late to help any of the old posters, but it may help other with the same question...

    Assuming the Zimbra devs don't move the file, the command:

    openssl x509 -in /opt/zimbra/ssl/zimbra/ca/ca.pem -outform DER -out ca.der

    will generate the CA root certificate you need in order for Windows to import it properly. You can then copy the resulting ca.der file to your Windows box and double-click it (or import it using the wizard.) It will install into the "Trusted Root Certification Authorities" section of your certificates window. Outlook and HTTPS webmail will no longer generate those annoying errors.

    Please keep in mind that if the Zimbra CA is pre-generated and not generated at the time of installation, this will open you up to misidentified sites that sign their own certs with the same CA. I don't know if this is the case or not, but would recommend building your own CA if you're unsure.

    [SOLVED] Rolling Your Own CA and Installing Certificates in Zimbra

    will get that done for you. And you won't have to guess at which ca.pem file to use.

  7. #7
    Dmitriy is offline Starter Member
    Join Date
    Aug 2012
    Posts
    1
    Rep Power
    2

    Default

    Quote Originally Posted by YetiRick View Post
    I know this is too late to help any of the old posters, but it may help other with the same question...

    Assuming the Zimbra devs don't move the file, the command:

    openssl x509 -in /opt/zimbra/ssl/zimbra/ca/ca.pem -outform DER -out ca.der

    will generate the CA root certificate you need in order for Windows to import it properly. You can then copy the resulting ca.der file to your Windows box and double-click it (or import it using the wizard.) It will install into the "Trusted Root Certification Authorities" section of your certificates window. Outlook and HTTPS webmail will no longer generate those annoying errors.

    Please keep in mind that if the Zimbra CA is pre-generated and not generated at the time of installation, this will open you up to misidentified sites that sign their own certs with the same CA. I don't know if this is the case or not, but would recommend building your own CA if you're unsure.

    [SOLVED] Rolling Your Own CA and Installing Certificates in Zimbra

    will get that done for you. And you won't have to guess at which ca.pem file to use.
    Thank YOU!!! Your post was very helpful for me!

  8. #8
    jplorier is offline Member
    Join Date
    Nov 2012
    Posts
    10
    Rep Power
    2

    Default

    Hi,

    I'm having the same issue with outlook 2007 but besides doing everything I've found in the web, it still complains about the certificate not been trustful.
    Anything else I should do besides buying a certificate?
    Regards,

Thread Information

Users Browsing this Thread

There are currently 2 users browsing this thread. (0 members and 2 guests)

Similar Threads

  1. [SOLVED] Error running mailboxd after script backup
    By ttortosa in forum Administrators
    Replies: 5
    Last Post: 10-22-2008, 01:33 AM
  2. Determine Outlook Users
    By sadams@bigrocksports.com in forum Zimbra Connector for Outlook
    Replies: 1
    Last Post: 01-29-2008, 12:58 PM
  3. [SOLVED] Upgraded to 5.0 OSS - Sendmail Problem
    By Chewie71 in forum Installation
    Replies: 11
    Last Post: 12-28-2007, 07:07 PM
  4. Replies: 1
    Last Post: 11-05-2007, 06:55 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •