The security certificate has expired or is not yet valid

Copper Contributor

Hi Guys,

 

I am trying to connect my office365 account to my Desktop Outlook 2016 application and i am getting the following message "The security certificate has expired or is not yet valid"

 

I was searching for this issue but i didn't find any solution.

Does anyone know what to do?

 

Thank you!!

Stavros

15 Replies

This looks like it could be a result of being in hybrid where the certificate being presented by your on-premises server(s) for autodiscover may not be valid.

Thank you Christopher for your answer.

The only connectivity that office 365 has is with my hosting.

I checked again my DNS functions and i believe that are correct.

The autodiscover should be autodiscover.outlook.com if i am right.

Am i missing something here? :)

 

Thank you again

When you click the View Certificate button in the warning, what is the subject name that is displayed?

subject

CN = mydomainname.com
OU = PositiveSSL
OU = Hosted by Hostgator.com LLC
OU = Domain Control Validated

Hi Stavros,

 

Can you test the Autodiscover test to see the problem ?

 

http://aka.ms/rca

Hi Nuno,

 

The messages are :

The Microsoft Connectivity Analyzer is attempting to build certificate chains for certificate CN=mydomain.com, OU=PositiveSSL, OU=Hosted by Hostgator.com LLC, OU=Domain Control Validated.

A certificate chain couldn't be constructed for the certificate.

and second
Testing TCP port 443 on host autodiscover.mydomain.com to ensure it's listening and open.

 

The specified port is either blocked, not listening, or not producing the expected response.

Thank you for your help

Hi Stavros,

 

That's the cause, and keep post here how the cause is based on what you found on test autodiscover.

So do i have to talk with hostgator or is something that i can do? i am a little bit confused.

Hi Stravos,

 

If your autodiscover record point to that provider and is your architecture, you will need to talk with them and correct the certificate. If you can describe here more detail on your architecture and the full result of autodiscover test (Without sensitive information) we could help more.

Hi Nuno,

 

I really appreciate your help. I will talk first with Hostgator to check if they can help and i will update again the post.

 

Thank you in advance.

Do you solved it?

Nop i didn't find any solution. I just have the users to click a yes and all are sync normaly

You can check your domain here https://www.ssllabs.com/ssltest it might give you an error that full chain of certificate is not installed (under Certification Path - press Click here to expand). It should say Sent by server in first two steps. If one of the steps is Additional download, then it is an issue. In that case you or your hosting provider have to install the certificate properly by combining full chain.

 

We had similar issue where mobile Skype app was complaining about bad certificate (though our page was showing green lock in browsers). I guess mobile apps can't get full chain on their own and expect it from a domain. Installing full chain fixed problem for us.

hi friend, i do it and it show this to me

 

Path #1: Trusted

1 Sent by server www.mydomain.com

2 Sent by server GlobeSSL DV Certification Authority 2

3 In trust store USERTrust RSA Certification Authority Self-signed

Path #2: Trusted

1 Sent by server www.mydomain.com

2 Sent by server GlobeSSL DV Certification Authority 2

3 Extra download USERTrust RSA Certification Authority

4 In trust store AddTrust External CA Root Self-signed
Weak or insecure signature, but no impact on root certificate


I managenment my web site, what i need to do?

Thanks!

Well, in our case all was done by hosting provider, so I can't tell exactly how to do this. But when installing certificate you have to include intermediate certificate in a combined file. Thia will fix the Extra download entry, though I'm not sure it will fix your issue. I'm just guessing it might be related.