Troubleshooting NXPowerLite for Microsoft Exchange SSL certificate problems

When NXPowerLite for Microsoft Exchange (or NXPowerLite Scanner for Microsoft Exchange) attempts to connect to EWS using the EWS URL you provided, it validates your Exchange client access server's SSL certificate in order to verify its identity. If this validation fails, you will receive an error message like this when you click "Connect" in the "Connect to Exchange server" dialog:

NXPowerLite cannot connect to the server - Please check the connection addresses and user credentials. Error details: The request failed. The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.

See below for possible reasons why this might occur, and steps you can take to resolve it:


Using the wrong name in the EWS URL

The name you use in the EWS URL must match the name to which the SSL certificate was issued. For example, if your SSL certificate was issued to "exchange.example.com", you must use that full name in your EWS URL, for example https://exchange.example.com/EWS/Exchange.asmx. Using the IP address (e.g. https://192.168.1.33/EWS/Exchange.asmx) will not work.

If you are not sure what name the SSL certificate was issued to, please take the following steps:

  1. Open Internet Explorer.
  2. In the Address bar, enter the EWS URL that you have been using with NXPowerLite (e.g. https://192.168.1.33/EWS/Exchange.asmx).
  3. When warned of a problem with the certificate, click "Continue to this website (not recommended)".
  4. Click Cancel when prompted for a username and password.
  5. Click on the red "Certificate error" icon in the Address bar. A popup window should appear - if the title of this window is anything other than "Mismatched address", please follow the steps under "Untrusted SSL certificate" below.
  6. Click the "View certificates" link at the bottom of the popup window.
  7. In the "Certificate" window that opens, you should see "Issued to: <name>". This is the name that you should use in your EWS URL - for example, if the certificate is issued to "exchange.example.com", your EWS URL might be https://exchange.example.com/EWS/Exchange.asmx.

Untrusted SSL certificate

Certificate validation will fail if your Exchange client access server's SSL certificate is untrusted (most likely because it is self-signed, rather than being signed by a trusted certification authority). To resolve this, you will need to install the certificate on the computer where you will be running NXPowerLite for Microsoft Exchange.

A note on Internet security software: Some Internet security solutions intercept HTTPS conversations (so that the traffic can be checked for malware, etc.). This might prevent Internet Explorer from seeing the real SSL certificate for your Exchange server. If this is the case, please disable any such security software before following the procedure below - you can enable it again immediately afterwards.

  1. Run Internet Explorer as an administrator. If UAC is disabled, you can simply ensure that you are logged in as a local administrator and then open Internet Explorer. If UAC is enabled, you will need to press the Windows key, type "Internet Explorer" then right-click on the Internet Explorer icon and select "Run as administrator".
  2. Enter your EWS URL into Internet Explorer's Address bar.
  3. When warned of a problem with the certificate, click "Continue to this website (not recommended)".
  4. Click "Cancel" when prompted for a username and password.
  5. Click on the red "Certificate error" icon in the Address bar.
  6. Click the "View certificates" link at the bottom of the popup window.
  7. Verify that the certificate is the one you are expecting.
  8. Click "Install Certificate...".
  9. Click "Next".
  10. Select "Place all certificates in the following store".
  11. Click the "Browse..." button.
  12. Make sure the "Show physical stores" checkbox is checked.
  13. Expand "Trusted Root Certification Authorities", then select "Local Computer".
  14. Click "Next".
  15. Click "Finish".

After you restart the NXPowerLite Exchange Dashboard or NXPowerLite Scanner for Microsoft Exchange, the SSL certificate should be trusted.
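
The same information as the Internet Explorer steps above can be read from PowerShell. This is an added example, not part of NXPowerLite or the original article: it connects to the EWS host, reports the names and thumbprint of the certificate actually presented, and shows whether validation fails on a name mismatch or on an untrusted chain. The URL is a placeholder and the variable names are the example's own.

```powershell
# Added diagnostic example; not part of NXPowerLite or the original article.
# Placeholder URL: substitute the EWS URL you entered in NXPowerLite.
$uri = [Uri]'https://exchange.example.com/EWS/Exchange.asmx'

# Record what validation would have reported, then return $true so the handshake
# completes and the certificate can be inspected. The callback applies to this
# one connection only; it does not change what Windows or NXPowerLite trust.
$callback = [System.Net.Security.RemoteCertificateValidationCallback] {
    param($origin, $presented, $builtChain, $policyErrors)
    $script:tlsErrors   = $policyErrors
    $script:chainStatus = @($builtChain.ChainStatus | ForEach-Object { $_.Status })
    $true
}

$tcp = New-Object System.Net.Sockets.TcpClient($uri.Host, $uri.Port)
try {
    $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $callback)
    $ssl.AuthenticateAsClient($uri.Host)   # validates against the name in the URL
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
}
finally {
    $tcp.Close()
}

# OID 2.5.29.17 is the subjectAltName extension, which lists the accepted names.
$san   = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
$flags = [System.Net.Security.SslPolicyErrors]

[pscustomobject]@{
    RequestedName   = $uri.Host
    Subject         = $cert.Subject
    SubjectAltNames = if ($san) { $san.Format($false) } else { '(none)' }
    Issuer          = $cert.Issuer
    SelfSigned      = ($cert.Subject -eq $cert.Issuer)   # heuristic: issued to itself
    Thumbprint      = $cert.Thumbprint
    NotAfter        = $cert.NotAfter
    # True here corresponds to "Using the wrong name in the EWS URL".
    NameMismatch    = $script:tlsErrors.HasFlag($flags::RemoteCertificateNameMismatch)
    # True here corresponds to "Untrusted SSL certificate".
    ChainErrors     = $script:tlsErrors.HasFlag($flags::RemoteCertificateChainErrors)
    ChainStatus     = $script:chainStatus -join ', '
} | Format-List
```

Run it on the computer where NXPowerLite will run. For step 7 of the install procedure, compare the Thumbprint with the one shown for the same certificate on the Exchange server itself (for example by Get-ExchangeCertificate); a different value or an unexpected Issuer suggests the HTTPS interception described in the note above.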
