各位同胞,最近遇到一个棘手的问题,每次打开outlook均会提示以下信息:
==============================================
您连接到的服务器正在使用一个无法验证的安全证书。
已处理证书链,但是在不受信任提供程序信任的根证书中终止。
您想继续使用这个服务器吗?
==============================================
已经折磨几天了,无果。
操作环境:
服务端:
windows 2008 r2
exchange 2010 sp1
已经安装证书服务,并申请有证书
图片:exchange.jpg
客户端:
windows xp sp3
outlook express/outlook 2003(POP方式收取才会出现,若采用exchange方式则正常,OWA下也正常)
===========================================
Get-exchangecertificate | fl *
PSComputerName : mailserver.szsoling.com
RunspaceId : 14d0a5b3-1231-429e-af2a-0494dda26f2f
AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAcces
sRule, System.Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {mail.szsoling.com, mailserver.szsoling.com, szsoling.com, autodiscover.szsoling.com}
CertificateRequest :
IisServices : {IIS://mailserver/W3SVC/1}
IsSelfSigned : False
KeyIdentifier : 7994CFE1C86EDC91066A286F8E5947DBEF40D3A4
RootCAType : Registry
Services : IMAP, POP, IIS, SMTP
Status : Valid
SubjectKeyIdentifier : 7994CFE1C86EDC91066A286F8E5947DBEF40D3A4
PrivateKeyExportable : True
PublicKeySize : 2048
ServicesStringForm : IP.WS.
Archived : False
Extensions : {System.Security.Cryptography.Oid, System.Security.Cryptography.Oid, System.Security.Cryptograph
y.Oid, System.Security.Cryptography.Oid, System.Security.Cryptography.Oid, System.Security.Crypt
ography.Oid, System.Security.Cryptography.Oid, System.Security.Cryptography.Oid}
FriendlyName : ExchangeCA03
IssuerName : System.Security.Cryptography.X509Certificates.X500DistinguishedName
NotAfter : 2013/7/12 9:14:33
NotBefore : 2011/7/13 9:14:33
HasPrivateKey : True
PrivateKey : System.Security.Cryptography.RSACryptoServiceProvider
PublicKey : System.Security.Cryptography.X509Certificates.PublicKey
RawData : {48, 130, 6, 32, 48, 130, 5, 8, 160, 3, 2, 1, 2, 2, 10, 26...}
SerialNumber : 1A1280990000000001AC
SubjectName : System.Security.Cryptography.X509Certificates.X500DistinguishedName
SignatureAlgorithm : System.Security.Cryptography.Oid
Thumbprint : A803006F27D069C9128FBF2F1E3796F0389AF790
Version : 3
Handle : 491683120
Issuer : CN=szsoling-MAILSERVER-CA, DC=szsoling, DC=com
Subject : CN=mail.szsoling.com, OU=IT Dept., O="Shenzhen Soling Industrial Co.,LTD", L="Soling Industrial
Park,Fuming", S="Guanlan,Shenzhen,Guangdong", C=CN
PSComputerName : mailserver.szsoling.com
RunspaceId : 14d0a5b3-1231-429e-af2a-0494dda26f2f
AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAcces
sRule}
CertificateDomains : {szsoling-MAILSERVER-CA}
CertificateRequest :
IisServices : {}
IsSelfSigned : True
KeyIdentifier : 986798A783584779ABF00C2D3483A3148D722AE7
RootCAType : Registry
Services : None
Status : Valid
SubjectKeyIdentifier : 986798A783584779ABF00C2D3483A3148D722AE7
PrivateKeyExportable : True
PublicKeySize : 2048
ServicesStringForm : ......
Archived : False
Extensions : {System.Security.Cryptography.Oid, System.Security.Cryptography.Oid, System.Security.Cryptograph
y.Oid, System.Security.Cryptography.Oid, System.Security.Cryptography.Oid}
FriendlyName :
IssuerName : System.Security.Cryptography.X509Certificates.X500DistinguishedName
NotAfter : 2016/7/11 9:43:34
NotBefore : 2011/7/11 9:33:36
HasPrivateKey : True
PrivateKey :
PublicKey : System.Security.Cryptography.X509Certificates.PublicKey
RawData : {48, 130, 3, 147, 48, 130, 2, 123, 160, 3, 2, 1, 2, 2, 16, 122...}
SerialNumber : 7A936307E156A5A6418B4347FCA38320
SubjectName : System.Security.Cryptography.X509Certificates.X500DistinguishedName
SignatureAlgorithm : System.Security.Cryptography.Oid
Thumbprint : A57D2F0987E40F4A0BC7933D0B50801D5894000D
Version : 3
Handle : 491685424
Issuer : CN=szsoling-MAILSERVER-CA, DC=szsoling, DC=com
Subject : CN=szsoling-MAILSERVER-CA, DC=szsoling, DC=com
PSComputerName : mailserver.szsoling.com
RunspaceId : 14d0a5b3-1231-429e-af2a-0494dda26f2f
AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAcces
sRule, System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKe
yAccessRule}
CertificateDomains : {mailserver, mailserver.szsoling.com}
CertificateRequest :
IisServices : {}
IsSelfSigned : True
KeyIdentifier : E8E6107C74A9381A2254F4477C9A6662F028532B
RootCAType : None
Services : SMTP
Status : Valid
SubjectKeyIdentifier :
PrivateKeyExportable : False
PublicKeySize : 2048
ServicesStringForm : ....S.
Archived : False
Extensions : {System.Security.Cryptography.Oid, System.Security.Cryptography.Oid, System.Security.Cryptograph
y.Oid, System.Security.Cryptography.Oid}
FriendlyName : Microsoft Exchange
IssuerName : System.Security.Cryptography.X509Certificates.X500DistinguishedName
NotAfter : 2016/5/25 21:52:04
NotBefore : 2011/5/25 21:52:04
HasPrivateKey : True
PrivateKey : System.Security.Cryptography.RSACryptoServiceProvider
PublicKey : System.Security.Cryptography.X509Certificates.PublicKey
RawData : {48, 130, 3, 25, 48, 130, 2, 1, 160, 3, 2, 1, 2, 2, 16, 61...}
SerialNumber : 3D8DB5D7BFF1909F499034A98446C6A2
SubjectName : System.Security.Cryptography.X509Certificates.X500DistinguishedName
SignatureAlgorithm : System.Security.Cryptography.Oid
Thumbprint : CCD8BE4EB8A0983FE18F2B1B1E0E0ADC8CFFD59B
Version : 3
Handle : 549400784
Issuer : CN=mailserver
Subject : CN=mailserver
===========================================