Exchange 2007 and Certificates
Hi, I just took a certification class for Microsoft Exchange and was told that wildcard certificates were the best certificates to get in the organization and that they worked with Exchange... Now, in practice, I am seeing that is not true for POP and IMAP.
When I run the command enable-exchangecertificate -thumbprint <thumbprint> -services "POP, IMAP", I get the following errors:
WARNING: This certificate will not be used for external TLS connections with an
FQDN of '*.mydomain.net' because the self-signed certificate with thumbprint
<thumbprint> takes precedence. The following connectors match that FQDN: POP3.
WARNING: This certificate will not be used for external TLS connections with an
FQDN of '*.mydomain.net' because the self-signed certificate with thumbprint
'<thumbprint>' takes precedence. The following connectors match that FQDN: IMAP4.
One of the weird things is that the thumbprint mentioned in the warning is the exact same thumbprint as the wildcard certificate I just purchased... Can anyone shed a light on this matter?
Thanks,
Allie McLachlan
TS_IT
June 29th, 2011 5:25pm
Just one more thing. This machine is running Exchange 2007 SP3 on Windows 2003 R2.
Thanks again,
Allie
TS_IT
June 29th, 2011 5:27pm
1. I would try to set: Set-PopSettings -X509CertificateName pop.yourdmoaninnat.net and the same for IMAP4.
Set-ImapSettings -X509CertificateName imap.yourdmoaninnat.net
Then restart the service for pop & imap and test connecting.
Sukh
June 29th, 2011 6:36pm
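A way to check the result of the settings suggested above, as an added example that is not part of the original posts: it compares the name stored in X509CertificateName with the domains on each certificate enabled for POP or IMAP. The helper name Test-CertNameMatch is hypothetical, and the script assumes it runs in the Exchange Management Shell on the server and that CertificateDomains renders a wildcard entry as '*.domain'.

```powershell
# Added example. Test-CertNameMatch is a hypothetical helper, not an Exchange cmdlet.
# A wildcard entry covers exactly one left-most label:
#   *.mydomain.net matches pop.mydomain.net, but not a.b.mydomain.net or mydomain.net.
function Test-CertNameMatch([string]$HostName, [string]$Pattern) {
    $h = $HostName.ToLower().TrimEnd('.')
    $p = $Pattern.ToLower().TrimEnd('.')
    if ($p -eq $h) { return $true }
    if (-not $p.StartsWith('*.')) { return $false }
    $suffix = $p.Substring(1)                      # e.g. ".mydomain.net"
    if (-not $h.EndsWith($suffix)) { return $false }
    $left = $h.Substring(0, $h.Length - $suffix.Length)
    return (($left.Length -gt 0) -and (-not $left.Contains('.')))
}

# Names the POP3 and IMAP4 services are configured to present.
$checks = @{
    POP  = (Get-PopSettings).X509CertificateName
    IMAP = (Get-ImapSettings).X509CertificateName
}

foreach ($svc in $checks.Keys) {
    $name = $checks[$svc]
    # Certificates currently enabled for this service.
    $certs = Get-ExchangeCertificate | Where-Object { "$($_.Services)" -match $svc }
    if (-not $certs) { "{0}: no certificate enabled for this service" -f $svc }
    foreach ($c in $certs) {
        $covered = $false
        foreach ($d in $c.CertificateDomains) {
            if (Test-CertNameMatch $name "$d") { $covered = $true }
        }
        "{0}: name={1} thumbprint={2} covered={3} expires={4:d}" -f `
            $svc, $name, $c.Thumbprint, $covered, $c.NotAfter
    }
}
```

A line with covered=False means the configured name is not on that certificate, so clients connecting to that name will see a name mismatch.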
Hi Sukh,
I tried the command with Pop and it seems to be working. Now do I rerun the: enable-exchangecertificate -thumbprint <thumbprint> -services "POP" again after using our fix? Please let me know!
Thanks again, Allie
TS_IT
June 29th, 2011 8:26pm
Hi Sukh,
I ran the command for IMAP and it seems to be working fine. The only thing is that now, when I run Best Practices Analyzer, I get the following error:
Certificate SAN mismatch
The subject alternative name (SAN) of SSL certificate for https://server.mydomain.com/Microsoft-Server_ActiveSync does not appear to match the host address. Host address: server.mydomain.com. Current SAN: DNS Name=*.mydomain,com
Same goes for owa, autodiscover, etc... please let me know how to proceed!
Thanks,
Allie
TS_IT
July 6th, 2011 7:02pm