When opening Microsoft Outlook you receive a Security Alert “Information you exchange with this site cannot be viewed or changed by others. However, there is a problem with the site’s security certificate.”
The self-signed certificate that was created during the Exchange 2007 installation expires after one year. Use Exchange Management Shell to validate this is the problem you’re experiencing by running the following cmdlet.
Get-ExchangeCertificate | Format-List
NotAfter shows the certificate expiration date, Services shows the mail services that are being used by a particular certificate, and Thumbprint will be used to resolve this problem if your certificate is indeed expired.
Use the Exchange Management Shell to renew your default self-signed certificate to resolve this problem if it is expired. Note, this procedure cannot be used to renew a certificate purchased from a trusted certificate authority.
First, obtain the thumbprint of the current default certificate by running the command shown in the previous example. Next, clone the current certificate by running the following command.
Get-ExchangeCertificate -Thumbprint xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx | New-ExchangeCertificate
And finally, remove the expired certificate.
Remove-ExchangeCertificate -Thumbprint xxOLDTHUMBPRINTxx
The new cloned certificate will be good for one year.
You also have the option of creating a new self-signed certificate. Verify your certificate is expired and obtain its Thumbprint by using that portion of the above procedure. Create a new self-signed certificate by using the New-ExchangeCertificate cmdlet. You’ll be prompted to replace the default certificate, choose yes. Associate the new certificate with IIS with the command shown in the following example unless you have purchased a certificate from a trusted certificate authority and it is associated with IIS.
Enable-ExchangeCertificate -Thumbprint xxNEWTHUNBPRINTxx -Service IIS
Remove the expired certificate once it’s no longer in use.
This option is less desirable than renewing the current certificate since any modifications made to the Exchange website SSL settings could be affected since SSL is removed, re-added, and reset as “Require 128-bit encryption”.
For more information: