Certificate and Authentication Issues

Microsoft Exchange Server 2007 will reach end of support on April 11, 2017. To stay supported, you will need to upgrade. For more information, see Resources to help you upgrade your Office 2007 servers and clients.

 

Applies to: Exchange Server 2007, Exchange Server 2007 SP1

The topics in this section will help you troubleshoot problems that may occur when you work with Transport Layer Security (TLS) certificates and authentication.

Microsoft Exchange Server 2007 uses certificates for much of its transport authentication and encryption functionality. Specifically, various implementations of TLS are used by the Microsoft Exchange Transport service to help secure session communication between transport severs.

By default, the certificates that are used for authentication and encryption for TLS are self-signed certificates.

In all cases, you can replace self-signed certificates with third-party certificates that are generated by your own internal public key infrastructure (PKI) solution.

Certificates are also used for authentication and encryption to help secure communications between a Client Access server and clients.

Before you troubleshoot certificate errors, review the following topics:

• Understanding SSL for Client Access

• TLS Functionality and Related Terminology in Exchange 2007

• SMTP TLS Certificate Selection

• How to Fix Certificate Validation Errors

• The ExchangeCertificate cmdlets under Global Cmdlets

Important

As you read through the troubleshooting topics that are listed below, remember that it is beyond the scope of this documentation to provide a detailed explanation of cryptography and certificate technologies and concepts. Before you deploy any security solution that uses cryptography and digital certificates, we recommend that you understand the basic concepts of trust, authentication, encryption, and public and private key exchange as they relate to cryptography. For more information, see the resources listed at the end of this topic.

Troubleshooting Topics

• How to Troubleshoot STARTTLS Certificate Error 12014

• How to Troubleshoot Direct Trust Certificate Errors 1037 and 2019

• Import-ExchangeCertificate fails with "the source data cannot be imported or the wrong password was specified"

• EdgeSync Fails with Event ID 10104

For More Information

For more information about cryptography and certificate technologies and concepts, see the following resources:

• Housley, Russ and Tim Polk. Planning for PKI: Best Practices Guide for Deploying Public Key Infrastructure. New York: John Wiley & Son, Inc., 2001.

• Adams, Carlisle and Steve Lloyd. Applied Cryptography: Protocols, Algorithms, and Source Code in C, 2nd Edition. New York: John Wiley & Son, Inc., 1996.

• Best Practices for Implementing a Microsoft Windows Server 2003 Public Key Infrastructure