Hi - We have a customer with an E2K7 server which has roles as both their mailbox and owa servers. The E2K7 server has a self signed certificate installed by default to secure client / server communications as per article:
We have uploaded this default certificate to CUPS successfully (all green and ticked in CUPS admin), however, we still cannot display Calendar Presence. The PE logs show the following error:
"EPE|system.pe.pa.owa.backend 2128230 ERROR ExchangeSession: 0x09dbc8c8 ssl problem(s): CERTIFICATE_AUTHORITY_SIGNATURE_NOT_TRUSTED - rejected"
TAC have advised that this is due to the CA bit not being set as per bug CSCsq64034:
The advice has been to re-issue the cert using makecert, however, when we have tried this it breaks Outlook / Exchange 2007 communications.
Has anyone come across this situation before?
Per Microsoft, a self-signed cert on IIS (ie. OWA) does not have the CA (Certificate Authority) bit set.
Without CA bit, CUPS won't trust the cert.
In order to get the CA bit, you either get the cert from a CA or use makecert.exe.