Security Alert Issues

Outlook displays the Security Alert dialog box when Exchange is using a self-signed certificate – Fix it Immediately

While using Outlook 2010, you may get some security issues like Outlook will display security alert dialog box when Exchange is using a self-signed certificate.

Indication

While having this issues, you will keep receiving the security warning like

The security certificate was issued by a company you have not chosen to trust.

In addition, Microsoft Exchange Server 2010 name hosting the Client Access Server role is catalogued in the dialog box.

While clicking “View Certificate” and choosing “Certification Path”, it’s not necessary that CA Root certificate is trusted. Because, the certificate is not in the Trusted Root Certification Authorities store on the client. Additionally, Exchange 2010 server name that hosts the Client Access Server role is traded on the Certification Path tab.

Causes

This error usually caused because in case if given conditions are true.

Having Exchange 2007 server which hosts the Client Access Server role along with the Exchange 2010 server which hosts the Client Access Server role in the environment.

If your mailbox is placed on an Exchange 2010 server which is responsible for hosting Mailbox role.

Self-signed of the the certificate which hosts the Client Access Server role and is installed on the Exchange 2010 server

This problem may also generated because of redirecting Autodiscover request by the Microsoft Exchange Server 2007 server which hosts the Client Access Server role issued by Outlook.

And that redirection by the Exchange 2007 server issues mention the Exchange 2010 server hosting the Client Access Server role. Since, it (that is Exchange 2010 server) is using a self-signed certificate and this certificate is not trusted by the Outlook when occuring redirection.

Solution

In order to get rid of this particular issues, it’s necessary to install a certificate which is not a self-signed certificate on the Exchange 2010 server hosting Client Access Server role. It(certification) can either be one which Certification Authority server in your system issues or the one which is issued by a third-party certification authority.

In case, if you are not able to install a certificate that is not self-signed on the Exchange 2010 server, then you can use the following workaround on your system on which Outlook is installed. To install the self-signed certificate from the Exchange 2010 server into the Trusted Root Certification Authority storing on the workstation, just follow the steps given.

  1. Launch Outlook and click View certificate from Security Alert Box.
  2. Now from the View Certificate dialog box, select Install Certificate.
  3. In the Certificate Import Wizard, you have to go trough these steps:
  4. From the generated “Certificate Store” wizard page, select “Place all certificates in the following store”. Click “Browse”.
  • Click “Trusted Root Certification Authority” from the following Certificate Store dialog box. Now, click OK.
  • Then from “Certificate Store” wizard page, click on Next.
  • Hit “Finish” to complete the wizard.
  • Click Yes when you prompted to confirm the certificate installation.
  • When you are getting advise that “Import was successful”, click OK.
  • Click OK to close the View Certificate dialog box.
  • Now, in order to continue to start Outlook, click Yes in the Security Alert dialog box .
  • Then restart Outlook after existing.

Hopefully, after doing this, you should not get this error message again while starting outlook.

After installing this certificate by using above methods, you can also confirm that whether the the certificate is installed correctly or not on the client. You can do this ismply by

  1. Launch your browser that is Internet Explorer.
  2. Click Internet Options from the Tools menu.
  3. From the Content tab, select Certificates.
  4. Now, from the “Certificates dialog box”, click on Trusted Root Certification Authorities tab.
  5. Then find and locate certificate for your server by scrolling down the list of installed certificates.

Note In this premises where you are using self-signed certificate on your Exchange 2010 server,  Security Alert dialog box is not displayed if both of the following conditions are true:

  • The certificate will be listed then.
  • “In the “Expiration Date” column, the date has not been reached.

Ways to check whether you are using a self-signed certificate

In order to find out whether you are using a self-signed certificate on the Exchange 2010 server which hosts the role of Client Access Server, follow the given steps:

  • Firstly, on Exchange 2010 server, open Exchange Management Console.
  • In console tree, choose Server Configuration.
  • There, choose the server which hosts the Client Access Server role in the work pane.
  • Now, the value under Self-Signed column shows whether a self-signed certificate is installed.

After using all above methods, if you still are facing this issues, then you must utilize Outlook PST Repair Tool. Since, it has been considered as one of the most powerful and effective tool that has been designed in such a way that it do have capability to fix any error.