Calendar Overlays and Exchange 2010

Question

I'm  trying to setup a Calendar Overlay with Exchange on my project calendar.  I can browse the OWA URL and the Exchange Web Service  (.asmx) in Internet Explorer without any errors.  Both URLs use https and are third-party signed.  After I inupt the URLs into the Overlay config screen and save, Sharepoint attents to retrieve the calendar information and throws the follows error: "Could not establish trust relationship for the SSL/TLS secure channel with authority" on the calendar screen.

Any ideas?

Answer 1

Since I never got a response back from the community, I thought I would post the resolution for anyone who has this issue in the future.

 

1) Go to "Central Administration" and click on "Security"

2) Under "General Security" click on "Manage trust"

3) Create a name (e.g. Name: Webmail) 

4) Root certificate for the trust relationship:  <enter cert provided downloaded from  third-party CA>

5) Click OK

Obviously, you need to specify the correct root cert for it to work.

Answer 2

Just wanted to say thanks - this worked for me. I think the issue is when you have a Third-Party  SSL certificate on your OWA XCHG box, the root isn't trusted by the SP app, whereas if you were using a domain/enterprise CA it is by default.

In our case we have a certificate from DigiCert. In case anyone needs a hand finding the right root certificate to upload, go to your OWA site, and view the SSL certificate used. Go to the Certification Path tab, and double-click the top-most certificate in the chain to open it.If you look the certificate over you should see a URL for the authority that issued it in the form of a web address. Go to that site and hunt around for "Root CA certificate downloads". The *.cer file you download will be the thing that you upload following Triplestick's instructions above.

Thanks again Triple,

Tony

 

Answer 3

Hi,

I've been having similar trouble trying to get our exchange calendars to display in sharepoint, but when I try to upload the Root certificate it gives me the error

The Root Certificate that was just selected is invalid. This may be because the selected certificate requires a password and we do not support certificates that require a password. Please select another certificate.

The certificate should be correct according to our network guy, any ideas anyone?

thanks

Sam 

Answer 4

I installed the right certificate and i did the following thing :

1) Go to "Central Administration" and click on "Security"

2) Under "General Security" click on "Manage trust"

3) Create a name (e.g. Name: Webmail) 

4) Root certificate for the trust relationship:  <enter cert provided downloaded from  third-party CA>

5) Click OK

still have this error : Could not establish trust relationship for the SSL/TLS secure channel with authority "exchange server"

can somebody help me out.

Answer 5

I followed the instructions, got the correct root ca from the third party. When I refresh my calendar, Im getting the following error:

 

The HTTP request is unauthorized with client authentication scheme 'Ntlm'. The authentication header received from the server was 'Negotiate,NTLM'.

 

Any help  is appreciated!

Answer 6

I'm having this same issue. 

vasys10, Did you find an answer yet.  I think it might have something to do with our exchange server only accepting anonymous requests where SharePoint isn't using anonymous access.  I'm not sure how we can tell the service or whatever to use anonymous access.

Thanks.

Answer 7

The Root Certificate that was just selected is invalid. This may be because the selected certificate requires a password and we do not support certificates that require a password. Please select another certificate.

Same issue here.
Exported the Root CA that signed our Exchange Certificate. But im unable to import it into Sharepoint Trusts

Any hints?

Thanks
Christian

Answer 8

I did the same as Christian and have the same problem.  Any answers?  I am trying to get my hands on the original Certificate we imported into Exchange.

If I can & it works, I will let you knwo here.

Jeff

Answer 9

Hi

You can export web Cert without password from certificates snap in "mmc app" on the web server you have installed the web cert on.

And then you take this exported Cert an import it to Sharepoint.

Problem Solved !

---

Johan Svensson System Consult Web /Sharepoint

Answer 10

Make sure you use IE and NOT Firefox. For me Firefox would never let me import it but it came right in with IE 8.

Needs to be in DER format .CER extension

Answer 11

Hi

Thanks for this. I had the same problem and this post helped me resolve it. We have a wildcard SSL from GoDaddy. I went to the GoDaddy certificate repository https://certs.godaddy.com/anonymous/repository.seam and download both the intermediate and class 2 root certificates and it worked.

Regards,
-Mustu521

Answer 12

I have exported the root ca from Exchange webmail.domain.com and have tried this method and still says its invalid (Exported as .DER)

Any ideas to why the certificate is saying invalid?

 

Thank you in advance.

 

-Ryan

 

Answer 13

Good Day,

I am experiencing the same exact problem as everyone else. I am continuing to receive the error messages below after I have imported the Certificate.

On the production environment, I am getting this error message even after the certificate has been installed.

 Could not establish trust relationship for the SSL/TLS secure channel with authority "exchange server"

On the Development environment, I am getting this error message after the certificate has been installed.

The HTTP request is unauthorized with client authentication scheme 'Ntlm'. The authentication header received from the server was 'Negotiate,NTLM'.

Question:
Has anyone been able to resolve this issue so that we can see our Exchange Calendars in SharePoint?

Answer 14

I have a wildcard cert from network solutions...

 

I have tried using the CA and the cert its self... I keep getting the SSL/TLS errors.

 

Any help would be much appreciated.

Answer 15

Regarding the NTLM error - Exchange OWA can be set up to use Basic or NTLM authentication. I would guess that SP is expecting NTLM, and Exchange is set to use Basic.

That's just a guess, though.

As far as these issues go, I am unable to get past the SSL/TLS error. Trying to use Manage Trust gives me the error: 

The Root Certificate that was just selected is invalid. This may be because the selected certificate requires a password and we do not support certificates that require a password. Please select another certificate.

Now, with regards to importing the certificate in the certificate store on the WFE:

Does only the root certificate for the OWA server need to go, or is it the entire hierarchy? And if you're using the Certificates plug-in, are you importing these certificates into the Sharepoint store, or the Trusted Root Certification area?

There seems to be a lot of confusion about this.....

Jon

Answer 16

Hi

You must import a cert without a password to solv this error //Johan

---

Johan Svensson System Consult Web /Sharepoint

Answer 17

Outlook Web Access URL:

https://mail/owa

 

Exchange Web Service URL:

https://mail/ews/exchange.asmx

 

Make sure your Exchange web service URL is OK

 

https://skydrive.live.com/view.aspx/Technology/SharePoint2010ExchangeCalendarOverlaySSLCertificate.docx?cid=6f40fb61d28cf147&sc=documents

 If you use exchange server 2003 then .asm. If you use exchange 2007 or 2010 use .asmx!

Enjoy

Answer 18

Mustu521, you were right on for us.  We too are using GoDaddy certs.  Following your instructions, we downloaded those two certificates, loaded our exchange cert, and everything connected successfully.  Thanks!

Answer 19

Mustu521,

You are a genius OR at least saved me another 3 days of figuring out why this is NOT working. Adding the Go Daddy Class 2 root certificate from the link you provided to the SharePoint Trust Relationship store did the trick! Thanks a bunch!

---

Best Regards, Phil

Answer 20

Go Daddy thing worked like a charm for me. THANKS!