Exchange certificate error

Similar Messages

• Certificate error on Outlook 2013 clients, Outlook 2007 clients do not get certificate error, Exchange 2010, dot local domain name

  Hi
  I'm looking for a solution that I can't seem to find.  I have an Exchange 2010 server running in a dot local domain (domainname.local), so my SSL certificate is installed using the servers external email DNS name.  email.mycompany.com
  I have followed the instructions to resolve this on the Exchange server, implemented the changes so autodiscovery sees the server as email.mycompany.com.  This works great for my Outlook 2007 users.  The downside is that none of my Outlook 2013
  clients can access their email without the certificate error server name mismatch.  
  I know Outlook 2013 has tighter security but I need to get rid of these cert errors, any thoughts out there?

  Hi,
  Since both your Outlook 2007 users and Outlook 2013 users are using Exchange 2010 with the same server configuration, it should be working in both Outlook client version.
  Please restart your IIS service by running IISReset /noforce from a Command Prompt window in Exchange to have a try. In Outlook, please re-create a Outlook profile to check whether the issue persists.
  Regards,
  Winnie Liang
  TechNet Community Support

• Exchange 2007 Out of Office Certificate Error

  Hello,
  I have an Exchange 2007 Server and for some odd reason this week, we have been having issues enabling Out of Office in Outlook. It is some sort of issue with the Autodiscover service, but despite reading forum post after forum post, nothing has worked for
  me. At first when we would go into Outlook and click on Out of Office, it would freeze and then say the server is unavailable. I realized that it was trying to resolve a URL so I added a manual A record in the DNS server pointing to the local IP of the server
  and it fixed the issue, kind of. Now when we click on Out of Office Assistant, we get a security certificate error and it is driving my users crazy. I have updated the SRV record and many things, still unable to get it to work. 
  Any help would be super!! 
  Thanks!

  Hi,
  1.First of all please check the name what you are using for autodiscover service is available on SAN certificate.
  2.Please check the name resolution is happening for autodiscover namespace.
  I.e if you try to resolve autodisccover.mydomain.com (or) mail.mydomain.com in your problematic PC it should have to resolved in to cas server ip address or in some scenarios it will get resolved in to LB
  3.Then please check whether you have properly set the autodiscover internal URL in all the cas servers.
  It might be like below
   https:\\autodiscover.mydomain.com\autodiscover\autodiscover.xml
  (or)  
  https:\\mail.mydomain.com\autodiscover\autodiscover.xml
  4.Then please check for the web services url in all the cas servers and that is the major thing which will make the availability services (i.e OOF,free busy lookup) to work perfectly .
  5.In the problematic please uncheck the internet proxy exceptions.
  6.You cane use test email configuration to check whether the outlook client is fetching up the proper url for autodisocver and ews .
  7.test-outlookwebservices (we can use this command to check the fuctionality of autodiscover for an problematic user account)
  8.Please check the root certificates in the problematic client to check whether it is a expired or not .Root certificates is nothing but the one which will come by default with OS .
  9.If all the above is set as perfect but still you are facing the issue.Please follow the below one and this may be not required.
  Please export the san certificate from exchnage to pfx file which should have to include the certificate key by using MMC.Then import the pfx file in to problematic client .Let us see what happens .
  Same on my side i am having few questions about your environment .
  1.Are you facing any certificate errors in OWA .Because why i am asking please check the installed SAN certificate in exchange is valid and or it is not expired ?
  2.what is the problematic client operating system veriosn?
  Please reply me if you have any issues .
  Regards
  S.Nithyanandham

• Certificate error on the second exchange that is used as a proxy for internet facing

  Hello friends ,
  I have one just like it ( http://faragesolutions.files.wordpress.com/2013/04/proxy.jpg?w=650 ) scenario . Using two Exchange , only one of them is accessed as a proxy .
  In Exchange that is facing internet , I use a digital certificate with the public domain ( webmail.name.com ) and my OWA is configured to ( External: webmail.name.com ) and Internal : webmail.name.com ) .
  You Exchange that are not face to internet , OWA is configured to ( External: empty) and ( Internal : servername.local ) . This Exchange user when connecting with Outlook client is generating validation error name ( servername.local ) , because as I'm using
  the same Exchange certificate that is facing internet . So the audience is trying to validate the certificate name that is not registered as an alternative name.
  question : the exchange that is not facing the internet, I need to use the same public certificate that is in exchange that is facing the internet? or can I just use an internal certificate?
  Thank you.

  The names that go on the certificate must match the names you planned when you did the CAS namespace design.
  Some details here:http://blogs.technet.com/b/exchange/archive/2014/02/28/namespace-planning-in-exchange-2013.aspx
  So in your case if the cert does not match the name, then this will prompt users with errors.   They need to match.  As long as all your internal devices trust the issuer of the internal CA then you can use that.   Installing an
  enterprise CA will automatically publish it's root CA  public cert into AD so it works easily.
  Cheers,
  Rhoderick
  Microsoft Senior Exchange PFE
  Blog:
  http://blogs.technet.com/rmilne 
  Twitter:   LinkedIn:
    Facebook:
    XING:
  Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

• Certificate errors on Exchange 2007

  We have a Exchange 2007 server that is recording certificate errors in the event log (server & domain names changed for post):
  Microsoft Exchange could not find a certificate that contains the domain name contoso.com in the personal store on the local computer. Therefore, it is unable to support the STARTTLS SMTP verb for the connector DNS with a FQDN parameter of contoso.com.
  Microsoft Exchange could not find a certificate that contains the domain name server.contoso.com in the personal store on the local computer.
  I have checked the configuration of the send and receive connectors:
  Get-SendConnector | FL name, fqdn, objectClass
  Name : DNS
  Fqdn : contoso.com
  ObjectClass : {top, msExchConnector, mailGateway, msExchRoutingSMTPConnector}
  Name : Host IT SMTP
  Fqdn : contoso.com
  ObjectClass : {top, msExchConnector, mailGateway, msExchRoutingSMTPConnector}
  Get-ReceiveConnector | FL name, fqdn, objectClass
  Name : Default servername
  Fqdn : servername.contoso.com
  ObjectClass : {top, msExchSmtpReceiveConnector}
  Name : Client servername
  Fqdn : servername.contoso.com
  ObjectClass : {top, msExchSmtpReceiveConnector}
  There is an installed certificate:
  {mail2.contoso.com, www.mail2.contoso.com, autodiscover.contoso.com, legacy.contoso.com} - IMAP, POP, IIS, SMTP valid until 09/01/2016
  There was a expired certificate:
  {servername, servername.contoso.com} - SMTP valid until 08/12/2010
  The fact that the mail is still working despite the expired certificate, makes me wonder if I could just change the receive connectors to use mail2.contoso.com instead of servername.contoso.com
  In the same vein, could I change the send connector to mail2.contoso.com from contoso.com

  Hi,
  Don’t modify the FQDN value on the default Receive connector Default <Server Name> that's automatically created on Mailbox servers. If you have multiple Mailbox servers in your Exchange organization and you change the FQDN value on the Default
  <Server Name> Receive connector, internal mail flow between Mailbox servers fails. For more information about it, please refer to fqdn parameter in the following article:
  http://technet.microsoft.com/en-us/library/bb125140(v=exchg.80).aspx  
  I suggest we can renew the expired certificate with names: contoso.com, servername.contoso.com instead of changing the FQDN of receive connector and send connector:
  http://blogs.technet.com/b/exchange/archive/2007/07/02/3403301.aspx  
  Thanks,
  Winnie Liang
  TechNet Community Support

• Certificate errors with Exchange 2013 and Outlook 2013

  Hello, I wonder if someone could help.
  I've recently set up a network with one Windows 2012 domain controller and one windows 2012 server running Exchange 2013.
  Clients run Outlook 2013 and are all one the same Lan. Outlook's setup wizard finds the exchange server automatically and sets up the profile. However if I choose the manual setup and enter the server
  name and user name it does not find the server.
  When I check the server name in Outlook it shows as 
  [email protected] rather than the real name of the server: AYCEX01.AYC.local.
  When Outlook is opened there is a certificate error saying "The name on the security certificate is invalid or does not match the name of the site." and another error saying "There is
  a problem with the server's security certificate. The name on the security certificate is invalid or does not match the name of the target site mail.ardfernyacht.co.uk. Outlook is unable to connect to the proxy server. (Error code 10)
  The external address by which users connect to OWA and active sych is mail.ardfernyacht.co.uk. The
  certificate which is used is one automatically generated by Exchange.
  Any suggestions you may have would be appreciated.
  Many thanks,
  Ruaridh
  Ruaridh Mackintosh

  Self sign cert wont work With autodiscover.For that you need 3rd part or from Your own CA.
  Please follow this guide to install CA in Your domain:
  http://careexchange.in/how-to-install-certificate-authority-on-windows-server-2012/
  Please follow this guide to request New cert in Exchange 2013:
  http://exchangeserverpro.com/create-ssl-certificate-request-exchange-2013/
  Your cert must contain external hostname of Your mail.domain.com
  Also configure Your Virtual directories to contain internal and external hostname:
  http://blogs.msdn.com/b/mvpawardprogram/archive/2013/03/18/virtual-directories-exchange-2013.aspx
  Regarding servername when using autodiscover,it should automatically resolve mailbox guid instead of servername.
  Please check if Your DNS is setup With autodiscover.domain.local (which is pointed to Your Exchange server)
  Hope this helps!
  Please mark as helpful if you find my contribution useful or as an answer if it does answer your question. That will encourage me - and others - to take time out to help you. Thank you! Off2work

• Certificate error when try to send mail

  Masters,
  First of all sorry for my poor english. Im not IT specialist, so please ...
  I need help to fix my problem. I know there are many post with this but i can't figure out.
  We had a working enviroment with no certificate issue.
  I tried to set the Outlook Anywhere, and so i messed up something. Now if user open outlook and send / or reply a mail got a certificate error message. I don't care Outlook Anyhere anymore but i need to fix my issue...
  I have not enough reputation point, so i can't attach image. I used Snag to attach picture.
  Certification error message:
  This is how exchange certs looks like:
  The problem is occure when start outlook and start or reply a mail. Certfication error pop-up, and inside the message windows on the Certification Chain tab i see: "mydomain".local
  When i try to configure outlook anywhere i create and enable new certificate. I think when i did this i have to allow owerrite some service... I deleted that certification already.
  If i install the cert to root CA, then works ok. But i don't want to install it all our server, because its workd earlier. How can i fix this?
  Thank you

  Hello,
   First of all thank you for helpin' me.
   I do not want to use outlook anywhere anymore, but now i know need 3rd certf for work...
   Only i want to get back everything.
   I know if i install to root CA than pop up disappear (i test this one of our server) but because earlier we have no installed this cert...so i don't understand what should i did...
    1. i installed a new self-sign certificate and associate service SMTP for it.
    2. after all test failed i decided to delete this cert...
    3. now outlook get pop up with certificated issued by: ourcompany.local
               - i did not seen any certificate in the certificate store with this name...
   Now i test it again and the no pop up in outlook?! What happend? I check and the mentioned certificate not in the store?!
   If i delete a certificate and assign service to another one, how many time need to affect this to the enviroment?
  Thank you

• SSL Offloading and Certificate Errors

  I am attempting to offload SSL on an F5 load balancer.  I made the certificate request from the load balancer, procured the certificate from Entrust, and installed on the load balancer.  I then followed SSL Offloading TechNet instructions here:
  http://technet.microsoft.com/en-us/library/dn635115(v=exchg.150).aspx.  My two CAS servers still have the self-signed certificates bound in IIS.  I am getting certificate
  errors when making RPC over HTTPs connections in Outlook and the self-signed certificate is popping up.
  My question is what do I do with the certificates on my 2 CAS servers?  Do I leave the self-signed certificates on there and export the Entrust certificate from my F5 and then import it to my CAS servers and change the bindings in IIS? 
  Or do I have to make the CSR from a CAS server, issue a new Entrust certificate from that, import to both CAS servers, then import to the F5 and make sure all bindings are correct in IIS?
  Or am I completely misunderstanding how this works and need to do something different entirely?
  Thanks in advance for any guidance.

  As I previously mentioned, I have already followed the SSL Offloading guide from technet, which included unticking Require SSL for all the various objects in IIS (OWA, ECP, EWS, RPC etc.) 
  Additionally I made sure SSL Offloading was enabled for Outlook Anywhere in Powershell.  See for example output of Get-OutlookAnywhere:
  RunspaceId                         : 1bdf6a03-d43d-4478-84cc-95e18806b11b
  ServerName                         : TSTEXCG2013
  SSLOffloading                      : True
  ExternalHostname                   : tstowa.XXXX.com
  InternalHostname                   : tstowa.XXXX.com
  ExternalClientAuthenticationMethod : Ntlm
  InternalClientAuthenticationMethod : Ntlm
  IISAuthenticationMethods           : {Basic, Ntlm, Negotiate}
  XropUrl                            :
  ExternalClientsRequireSsl          : True
  InternalClientsRequireSsl          : True
  MetabasePath                       : IIS://TSTEXCG2013.tstXXX.tstXXXX.tst/W3SVC/1/ROOT/Rpc
  Path                               : D:\Program Files\Microsoft\Exchange Server\V15\FrontEnd\HttpProxy\rpc
  ExtendedProtectionTokenChecking    : None
  ExtendedProtectionFlags            : {}
  ExtendedProtectionSPNList          : {}
  AdminDisplayVersion                : Version 15.0 (Build 847.32)
  Server                             : TSTEXCG2013
  AdminDisplayName                   :
  ExchangeVersion                    : 0.20 (15.0.0.0)
  Name                               : Rpc (Default Web Site)
  DistinguishedName                  : CN=Rpc (Default Web
                                       Site),CN=HTTP,CN=Protocols,CN=TSTEXCG2013,CN=Servers,CN=Exchange
  Administrative
                                       Group (FYDIBOHF23SPDLT),CN=Administrative
  Groups,CN=XXX XXXX,CN=Microsoft
                                       Exchange,CN=Services,CN=Configuration,DC=tstXXXX,DC=tst
  Identity                           : TSTEXCG2013\Rpc (Default Web Site)
  Guid                               : 9b2bc5e2-41c1-4219-9186-8e6b8cb63dc0
  ObjectCategory                     : tstXXXX.tst/Configuration/Schema/ms-Exch-Rpc-Http-Virtual-Directory
  ObjectClass                        : {top, msExchVirtualDirectory, msExchRpcHttpVirtualDirectory}
  WhenChanged                        : 7/10/2014 7:38:58 PM
  WhenCreated                        : 6/23/2014 2:54:36 PM
  WhenChangedUTC                     : 7/11/2014 12:38:58 AM
  WhenCreatedUTC                     : 6/23/2014 7:54:36 PM
  OrganizationId                     :
  OriginatingServer                  : TSTXXXXDC02.tstXXXX.tst
  IsValid                            : True
  ObjectState                        : Changed

• Exchange certificates and services setup for internal and external clients access on separate domains.

  I have the following on my local network.
  Server DomainA -> Small Business server 2003/Exchange 2003
  Server DomainB -> Windows 2008 R2/Exchange 2013
  Clients Domain A ->  Windows XP/Outlook 2003
  Clients Domain B -> Windows 7/Outlook 2007/2010
  Problem:  I want clients from DomainA to log into Exchange on DomainB on the same local network.
  I need to know how to setup the DNS on both domains and the certificates on the DomainB Exchange server
  to accept the connection from the PC on domainA.   All connections from clients on domainB to server on domainB
  work correctly but when adding accounts to Outlook 2003/2007 on domainA clients I am getting certificate errors.
  I have purchased certificates for mail.domainb.com and autodiscover.domainb.com but I dont know how to get 
  the clients on domainA to recognize those external URL's of the exchange server (with the certificates bound to them) from the internal network. Hence I get domain errors.
  I am getting issues when a client on DomainA tries to add an Outlook mail profile to connect to the Exchange on DomainB
  Any suggestions on how to set this up?
  thanks

  Domain A & Domain B are two separate AD Forests?
  Users in Domain A either need mailbox-enabled user accounts that are in DomainB or a linked mailbox in Domain B to utilise the Exchange Server in DomainB. In either case with the help of the autodiscover service user can use the services in ExchangeB. 
  If the client machines are member of domainA and you are trying to access ExchangeB you will then need to leverage a custom XML file for autodiscover and force the Outlook client to use this file. 
  <?xml version="1.0" encoding="utf-8"?> 
  <Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006"> 
    <Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a"> 
      <Account> 
        <AccountType>email</AccountType> 
        <Action>redirectUrl</Action> 
        <RedirectUrl>https://autodiscover.domain.com/autodiscover/autodiscover.xml</RedirectUrl> 
      </Account> 
    </Response> 
  </Autodiscover>
  Then you need to configure the client machine to query that XML file by adding the following registry key:
  Refer to XML file
  for Outlook 2007:
  HKCU\Software\Microsoft\Office\12.0\Outlook\Autodiscover
  for Outlook 2010:
  HKCU\Software\Microsoft\Office\14.0\Outlook\Autodiscover
  STRING_value <your_namespace> = path to XML file
  you can find more information in the following link.
  Controlling Outlook Autodiscover behavior
  http://blogs.technet.com/b/kristinw/archive/2013/04/19/controlling-outlook-autodiscover-behavior.aspx
  CK

• Autodiscover, domain controllers, and certificate errors

  I have just deployed and Exchange 2013 server in one of my sites. I'm having tons of issues with it, but one issue I'm having trouble thinking through goes like this:
  All users have email addresses that are [email protected] Domain.com is our internal domain name and also a public domain. Now, in a Windows environment, if you were to nslookup domain.com within our network it
  will resolve to any one of the domain controllers. On our infrastructure master DC there is an IIS website, with SSL, that handles certificate services for our internal CA.
  Here's my problem: When a user opens Outlook and autodiscover attempts to find their Exchange connection info it first tries to reach the site
  https://domain.com/autodiscover/autodiscover.xml. If that PC happens to resolve domain.com to the DC that has our certificate services website on it then the Outlook client sends a certificate error.
  If the client is prior to Outlook 2013, the mailbox configuration just halts and throws an error.
  What do I do to prevent this?

  Hi,
  Yes, we can have the following “switchers”
  PreferLocalXML
  ExcludeHttpRedirect
  ExcludeHttpsAutoDiscoverDomain
  ExcludeHttpsRootDomain
  ExcludeScpLookup
  ExcludeSrvRecord
  ExcludeLastKnownGoodUR
  Thanks,
  Simon Wu
  TechNet Community Support

• Can't install applications - "Certificate Error, c...

  HI!
  I wanted to update Mail for Exchange, so thru phone uninstalled the application then went to OVI store(asked to update first) to download/install latest Mail for Exchange.
  After download, when installing it returned a "Certificate Error, contact provider". I tried to install other applications from OVI store, same error.
  If I try to install thru OVI suite (updated) it returns the error: 2153775105. To do this I copy from my phone card\data\install an application from NOKIA, what it does is to install OVI store at phone.
  I already done a reset to the phone, changed the settings to allow installation without certificates and even tried to change the phone date.
  I saw in Google several people with the same problem.
  I have a 5320 (no new firmware as been released)
  Thanks

  hello topplus,
  you should set Online Certificate Check to "OFF" to rectify the issue.
  You can set it OFF by doing the steps below:
  1. Menu
  2. Settings
  3. Phone Settings
  4. Applications
  5. App. Manager
  6. Set Online Certificate Check to "OFF"
  7. "Software Installation" should also be set to "ALL"
  another way is;
  1. Menu
  2. Settings
  3. Phone Settings
  4. Data Manager
  5. Application Manager
  6. Options
  7. Settings
  8. Set Online Certificate Check to "OFF"
  9. "Software Installation" should also be set to "ALL"
  After you have done the steps above, clear your phone's web browser's cache:
  1. Menu
  2. Internet
  3. Web
  4. Options
  5. Clear Privacy Data
  6. Cache
  After which, turn off and on phone then try to install application again.
  Cheers,
  kriz
  "If you want to win friends, make it a point to remember them. If you remember my name, you pay me a subtle compliment; you indicate that I have made an impression on you. Remember my name and you add to my feeling of importance."

• RESOLVED On Premises (intranet use only) Exchange Certificate Help (Please)!

  I apologize in advance for what may end up being a very silly issue.
  I have racked my brain and read and searched and I still can't seem to find the answer to my question.
  I have an in house Exchange server that is only accessible internally. We do not have external clients (laptops/tablets/etc) and all computers stay on premises. Most of our clients use OWA to access email. Everything has been working fine up until about
  2 weeks ago when everybody started getting a certificate error. I have tried every thing I can find to fix this issue to no avail. It seems the thumbprint of the certificate is different each time I visit the exchange server (https://exchange/owa). So I can
  install the certificate which works for a few minutes and then it prompts me again. When looking at the thumb print of each instance, everything seems to be exactly the same with the exception of the thumbprint.
  My first question, is do I still need to go through a CA even though this server is not accessible via external IP?
  Where are my clients getting the certificate they are trying to install because they do not match the certificate that is installed on the Exchange Server.
  Thank you in advance for anybody that can steer me in the right direction to getting this resolved.
  I support this site remotely so any additional info can be provided but there might be a small delay.

  First, thank you for taking the time to respond.
  "I'm going to assume that you have some sort of PKI infrastructure with in your environment."
  I'm not sure I do. This project landed in my lap a few years ago. This particular client is my only client
  with exchange. I have limped my way though to this point but I'm afraid I'm just not clear on what it is I actually need.
  We are running Exchange 2013 on a Server 2008 box. Everything worked fine up until about 2 weeks ago. I have no idea what changed.
  I think my biggest problem is my lack of understanding of where the client is pulling the certificate when I access the intranet site. I don't understand why the certificate (whether valid or not) isn't matching the certificate within IIS/Exchange admin.
  Hi,
  I think you can check your certificate information and provide the information here for more help. Please run the following command in Exchange Management Shell:
  Get-ExchangeCertificate | fl
  Additionally, since the certificate issue occurs when accessing Exchange server from OWA, please check the OWA configuration in your Exchange:
  Get-OwaVirtualDirectory | FL Identity,*Authentication*,*url*
  Generally, the namespace used in the OWA URL should be included in the Exchange certificate which is assigned with IIS service.
  Regards,
  Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected]
  Winnie Liang
  TechNet Community Support

• Outlook certificate errors from certificate on DSL modem.

  Hi,
  I have a client running Office 365 Small Business on a mix of Outlook 2007 and 2010 installs. We are getting certificate errors when using Outlook, and upon further investigation, I've found that the certificate it is seeing is from the DSL modem, showing
  Issued To: gateway.pace.com. I'm not working with a domain, I've double-checked everything in the DNS settings in-house and for the domain name. Also, the domain name is not in any way pointed to or set on the modem.
  Any help will be greatly appreciated!
  Thanks,
  Eric

  Hi,
  Is that different server an Exchange server? In the local Outlook 2013, please run Test E-mail AutoConfiguration tool to check if any services are using that namespace for service request. To run the tool, please do:
  please open Outlook - press CTRL key - right click on the Outlook icon from right bottom corner taskbar - Test Email AutoConfiguration. Put your email address - uncheck use guessmart and secure guessmart authentication - click Test to check your Autodiscover
  service.
  Then check the Results tab and Log tab for service namespace.
  In IE, please check the following settings for LAN:
  Click Settings > Internet Options > Connections > LAN settings, please make sure there is no proxy server set there. Only “Automatically detect settings” option is checked.
  Regards,
  Winnie Liang
  TechNet Community Support

• RDS 2012 - Certificate error when using RemoteApp

  Have setup the RD Gateway to use port 40001 for the https transport. Internally everything works good. Can login to RD Web externally fine, but when trying to launch a RemoteApp it starts then returns a certificate error. The certificate it is showing
  is for the exchange server which of course is on port 443.  This is a single IP environment. From what I see happening, it is defaulting back to 443 even though it has been told to use 40001. Obviously the site connects and secures using the 40001
  port, but the RemoteApps still want to fall back to 443. It this a flaw or am I missing something? I thought the whole reason of selecting another port was to use that other port.
  Thanks

  This power script worked like a charm for me.
  Luckily this is just a lab setup, but I was racking my brains for a couple of days until I found this.
  Same situation, port 443 is used for email server and needed to use an alternate SSL port.
  Changing the port on the server side for the RD Web Access URL was a breeze, but changing the port for the RemoteApp collection was not as easy to figure out until I found this post.
  In my situation, like I read before, when you try to run one of the apps in the collection, it will invoke the certificate that our mail server uses since it tries to use port 443 which is assigned to the mail server.
  Running the script immediately fixed the problem by using the alternate port specified in the script.
  Hopefully this will help tons of folks in this same situation.
  PS: If I had a bunch of public IPs to work with, I would not have to use alternate ports.

• Certificate error while calling a webservices from application deployed in

  Hi,
  When we are trying to invoke a web service from a client application which was deployed in weblogic server we are getting the certificate error. We are using go daddy certificate. Here is the log file
  Anyone Please advice.
  FileName
  weblogic.log
  FileComment
  <Apr 25, 2011 1:51:15 PM EDT> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=*.wvu.edu,OU=Domain Control Validated,O=*.wvu.edu". The loading of the trusted certificate list raised a certificate parsing exception Could not set value for ASN.1 string object..>
  <Apr 25, 2011 1:51:15 PM EDT> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=*.wvu.edu,OU=Domain Control Validated,O=*.wvu.edu". The loading of the trusted certificate list raised a certificate parsing exception Could not set value for ASN.1 string object..>
  javax.xml.ws.WebServiceException: weblogic.wsee.wsdl.WsdlException: Failed to read wsdl file from url due to -- javax.net.ssl.SSLKeyException: FATAL Alert:BAD_CERTIFICATE - A corrupt or unuseable certificate was received.
  at weblogic.wsee.jaxws.spi.WLSProvider.readWSDL(WLSProvider.java:322)
  at weblogic.wsee.jaxws.spi.WLSProvider.createServiceDelegate(WLSProvider.java:77)
  at weblogic.wsee.jaxws.spi.WLSProvider.createServiceDelegate(WLSProvider.java:62)
  at javax.xml.ws.Service.<init>(Service.java:56)
  at wvudatacollection.wsproxy.scheduler.TimeClockScheduler_Service.<init>(TimeClockScheduler_Service.java:71)
  at wvudatacollection.wsproxy.scheduler.TimeClockSchedulerServiceWrapper.getStatus(TimeClockSchedulerServiceWrapper.java:96)
  at wvudatacollection.wsproxy.scheduler.GetSchedulerStatusWrapper.getStatusCode(GetSchedulerStatusWrapper.java:10)
  at sun.reflect.GeneratedMethodAccessor185.invoke(Unknown Source)
  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
  at java.lang.reflect.Method.invoke(Method.java:597)
  at oracle.adf.model.binding.DCInvokeMethod.invokeMethod(DCInvokeMethod.java:561)
  at oracle.adf.model.binding.DCDataControl.invokeMethod(DCDataControl.java:2113)
  at oracle.adf.model.bc4j.DCJboDataControl.invokeMethod(DCJboDataControl.java:3009)
  at oracle.adf.model.bean.DCBeanDataControl.invokeMethod(DCBeanDataControl.java:436)
  at oracle.adf.model.binding.DCInvokeMethod.callMethod(DCInvokeMethod.java:256)
  at oracle.jbo.uicli.binding.JUCtrlActionBinding.doIt(JUCtrlActionBinding.java:1437)
  at oracle.adf.model.binding.DCDataControl.invokeOperation(DCDataControl.java:2120)
  at oracle.adf.model.bean.DCBeanDataControl.invokeOperation(DCBeanDataControl.java:464)
  at oracle.adf.model.adapter.AdapterDCService.invokeOperation(AdapterDCService.java:307)
  at oracle.jbo.uicli.binding.JUCtrlActionBinding.invoke(JUCtrlActionBinding.java:693)
  at oracle.adf.model.binding.DCInvokeAction.refreshInternal(DCInvokeAction.java:47)
  at oracle.adf.model.binding.DCInvokeAction.refresh(DCInvokeAction.java:33)
  at oracle.adf.model.binding.DCBindingContainer.internalRefreshControl(DCBindingContainer.java:3107)
  at oracle.adf.model.binding.DCBindingContainer.refresh(DCBindingContainer.java:2759)
  at oracle.adf.controller.internal.binding.TaskFlowRegionController.refreshRegion(TaskFlowRegionController.java:145)
  at oracle.adf.model.binding.DCBindingContainer.internalRefreshControl(DCBindingContainer.java:3038)
  at oracle.adf.model.binding.DCBindingContainer.refresh(DCBindingContainer.java:2759)
  at oracle.adf.controller.v2.lifecycle.PageLifecycleImpl.prepareRender(PageLifecycleImpl.java:548)
  at oracle.adf.controller.v2.lifecycle.Lifecycle$9.execute(Lifecycle.java:224)
  at oracle.adfinternal.controller.lifecycle.LifecycleImpl.executePhase(LifecycleImpl.java:192)
  at oracle.adfinternal.controller.faces.lifecycle.ADFPhaseListener.mav$executePhase(ADFPhaseListener.java:21)
  at oracle.adfinternal.controller.faces.lifecycle.ADFPhaseListener$5.before(ADFPhaseListener.java:395)
  at oracle.adfinternal.controller.faces.lifecycle.ADFPhaseListener.beforePhase(ADFPhaseListener.java:60)
  at oracle.adfinternal.controller.faces.lifecycle.ADFLifecyclePhaseListener.beforePhase(ADFLifecyclePhaseListener.java:44)
  at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._executePhase(LifecycleImpl.java:246)
  at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl.render(LifecycleImpl.java:193)
  at javax.faces.webapp.FacesServlet.service(FacesServlet.java:266)
  at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
  at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
  at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:292)
  at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
  at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
  at oracle.adf.model.servlet.ADFBindingFilter.doFilter(ADFBindingFilter.java:191)
  at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
  at oracle.adfinternal.view.faces.webapp.rich.RegistrationFilter.doFilter(RegistrationFilter.java:85)
  at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl$FilterListChain.doFilter(TrinidadFilterImpl.java:420)
  at oracle.adfinternal.view.faces.activedata.AdsFilter.doFilter(AdsFilter.java:54)
  at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl$FilterListChain.doFilter(TrinidadFilterImpl.java:420)
  at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl._doFilterImpl(TrinidadFilterImpl.java:247)
  at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl.doFilter(TrinidadFilterImpl.java:157)
  at org.apache.myfaces.trinidad.webapp.TrinidadFilter.doFilter(TrinidadFilter.java:92)
  at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
  at oracle.security.jps.wls.JpsWlsFilter$1.run(JpsWlsFilter.java:96)
  at java.security.AccessController.doPrivileged(Native Method)
  at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:313)
  at oracle.security.jps.wls.util.JpsWlsUtil.runJaasMode(JpsWlsUtil.java:146)
  at oracle.security.jps.wls.JpsWlsFilter.doFilter(JpsWlsFilter.java:140)
  at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:70)
  at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
  at oracle.dms.wls.DMSServletFilter.doFilter(DMSServletFilter.java:202)
  at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
  at weblogic.servlet.internal.RequestEventsFilter.doFilter(RequestEventsFilter.java:27)
  at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
  at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3588)
  at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
  at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121)
  at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2200)
  at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2106)
  at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1428)
  at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
  at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
  Caused by: weblogic.wsee.wsdl.WsdlException: Failed to read wsdl file from url due to -- javax.net.ssl.SSLKeyException: FATAL Alert:BAD_CERTIFICATE - A corrupt or unuseable certificate was received.
  at weblogic.wsee.wsdl.WsdlReader.getDocument(WsdlReader.java:313)
  at weblogic.wsee.wsdl.WsdlReader.getDocument(WsdlReader.java:305)
  at weblogic.wsee.jaxws.spi.WLSProvider.readWSDL(WLSProvider.java:312)
  ... 70 more
  Caused by: javax.net.ssl.SSLKeyException: FATAL Alert:BAD_CERTIFICATE - A corrupt or unuseable certificate was received.
  at com.certicom.tls.interfaceimpl.TLSConnectionImpl.fireException(Unknown Source)
  at com.certicom.tls.interfaceimpl.TLSConnectionImpl.fireAlertSent(Unknown Source)
  at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
  at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
  at com.certicom.tls.record.handshake.ClientStateReceivedServerHello.handle(Unknown Source)
  at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessage(Unknown Source)
  at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(Unknown Source)
  at com.certicom.tls.record.MessageInterpreter.interpretContent(Unknown Source)
  at com.certicom.tls.record.MessageInterpreter.decryptMessage(Unknown Source)
  at com.certicom.tls.record.ReadHandler.processRecord(Unknown Source)
  at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
  at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
  at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)
  at com.certicom.tls.record.WriteHandler.write(Unknown Source)
  at com.certicom.io.OutputSSLIOStreamWrapper.write(Unknown Source)
  at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
  at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
  at java.io.FilterOutputStream.flush(FilterOutputStream.java:123)
  at weblogic.net.http.HttpURLConnection.writeRequests(HttpURLConnection.java:154)
  at weblogic.net.http.HttpURLConnection.getInputStream(HttpURLConnection.java:358)
  at weblogic.net.http.SOAPHttpsURLConnection.getInputStream(SOAPHttpsURLConnection.java:37)
  at weblogic.wsee.util.is.InputSourceUtil.loadURL(InputSourceUtil.java:103)
  at weblogic.wsee.util.dom.DOMParser.getWebLogicDocumentImpl(DOMParser.java:118)
  at weblogic.wsee.util.dom.DOMParser.getDocument(DOMParser.java:65)
  at weblogic.wsee.wsdl.WsdlReader.getDocument(WsdlReader.java:311)
  ... 72 more
  Thanks,
  Sajja
  Edited by: user13514455 on Jun 13, 2011 8:35 AM

  We resolved this problem for the same version of JDeveloper in the WebLogic Console. In the Domain Structure / Evironment / Servers / Settings for Default Server, click the Configuration and SSL tabs. Then change Hostname Verification to None and check the Use JSSE SSL box at the bottom.