Hi Guys, 

I am setting up a dev lab of exchange 2013. The env is quite simple - one server as DC, DNS, and Certificate Service (enterprise) and one server as exchange mailbox & CAS server.

I am following these article to issue a cert and import to exchange

exchangeserverpro.com/exchange-2013-ssl-certificate-private-certificate-authority/

michaelvh.wordpress.com/2012/07/22/configuring-certificates-in-exchange-server-2013-preview/

After I import the cert to exchange, its status is Invalid. I no experience on certificate configuration. Which step goes wrong?

I would expect Exchange can pop up a dialog with the detailed reasons or write some logs somewhere if the imported certificate to is invalid.  

Thanks,

Msts

I think it's my certificate request setting that brings the trouble. I create another request with everything set as default, issue the cert and import the cert. Now the cert status is Valid. But it is not what I want. It is assigned to IMAP and POP services by default and I cannot change it! What I want is a cert assigned to IIS for ActiveSync.

Here are some special settings of the cert request of the Invalid cert.

The domain of ActiveSync external url is mail.domain.local while the internal one is CAS.domain.local.

In step "Specify the domains you want to...", I select domain mail.domain.local.

In step "Based on your selections, the following domains will be included...", by default, domain CAS.domain.local is highlighted. I manually highlight mail.domain.local and delete all the others.

I don't think my org info matters, so I set the org info arbitrary. 

It's a new env and no other certs installed expect for the exchange default ones. 

Could someone give me some advice?

Thanks in advance!

M