Federated trust Certificate requirements
Hello,
Last year, I had a first attempt to get federated trust working. After about a month or 2 troubleshooting with Microsoft support, everything was working fine. However, the customer decided not to use the solution at the time.
Now, they decided they wanted to give it another shot, so I'm trying to get things working again.
The certificate (signed by GoDaddy) is expired, but the Exchange Management console doesn't give any warnings when modifying the Federation Trust (I tried to replace the expired GoDaddy cert by a valid cert signed by GeoTrust, but this doesn't work, the cert is not valid according to MS Live servers).
When I try to use the federation trust, it's no longer exchanging data between the organizations (no free/busy info available).
Will it help to replace the expired certificates? Or is anything else going on...
Thanks for the help,
Ben
December 22nd, 2011 9:58am
Did you try the test-federationtrustcertificate or test-federationtrust cmdlets? Maybe you have some other problems.
Regards, Konrad Sagala, MCT, MCSE+M, MCITP: Exchange 2007/2010
December 24th, 2011 5:57pm
Thanks for your reply.
When I execute the test-federationtrust cmdlet, I get an error on the OrganizationCertificate test, so I'd better replace those certificates with valid ones :)
December 26th, 2011 3:39am
Hi Ben,
Microsoft recommends using a self-signed certificate to establish a federation trust with the Microsoft Federation Gateway.
Understanding Federation
http://technet.microsoft.com/en-us/library/dd335047.aspx
And I would suggest you recreate the federation trust after you replace the old certificate.
Frank Wang
TechNet Community Support
December 27th, 2011 2:17am
Hi Frank,
Thank you for your reply, but I already purchased a new 3rd party signed certificate.
I tried with a self-signed, but that didn't work. Perhaps I had to delete the trust completely and recreate it.
However, last year, MS was pretty strict in which certificates they accept and a self-signed wasn't any good. Perhaps this changed with SP1 or one of the updates to Exchange 2010.
After some more hassle (time out of sync apparently), sharing is working again. Onto the next problem (cross-domain automatic approval).
Cheers,
Ben
December 27th, 2011 8:03am