toomanyservers
Exchange 2007 self sign certificate expired - outlook not using new cert
Hi,
My Exchange 2007 self certificate expired 2 days ago. Outlook 2007 now opens with a certificate warning that the cert expired, which is of course expected.
I followed the steps here
http://exchangepedia.com/blog/2008/01/exchange-server-2007-renewing-self.html
and created and enabled a new certificate for SMTP.
However, when I open and close Outlook 2007, I still get the expired cert being sent.
I don't want to remove the expired cert before I confirm that everything is working OK.
Any ideas?
Thanks.
ASKER
Thanks for the reply .. here is the output from that command.
I used the enable-exchangecert on the new cert.
AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {po4, po4.xxxx.com}
HasPrivateKey : True
IsSelfSigned : True
Issuer : CN=po4
NotAfter : 5/19/2009 2:18:41 PM
NotBefore : 5/19/2008 2:18:41 PM
PublicKeySize : 2048
RootCAType : None
SerialNumber : 6BC05EB6D90619A64CDFCBD07FA387F3
Services : IMAP, POP, SMTP
Status : Valid
Subject : CN=po4
Thumbprint : 5E84829B40133F455A6AA507F7B160E47D7EEE2D

AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {po4, po4.xxxx.com}
HasPrivateKey : True
IsSelfSigned : True
Issuer : CN=xxx
NotAfter : 5/19/2009 10:35:34 AM
NotBefore : 5/19/2008 10:35:34 AM
PublicKeySize : 2048
RootCAType : None
SerialNumber : F26E0BF544D084804C77E6E66F6C59B5
Services : IMAP, POP, SMTP
Status : Valid
Subject : CN=po4
Thumbprint : B3612E2407DA1D83C3A5711376084F0EC47F3BD2

AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {mail.gnyha.org}
HasPrivateKey : True
IsSelfSigned : True
Issuer : CN=mail.xxxx.org, OU=Information Technology, O=GNYHA, L=New York, S=New York, C=US
NotAfter : 2/12/2009 2:44:25 PM
NotBefore : 2/13/2008 8:44:25 AM
PublicKeySize : 1024
RootCAType : Unknown
SerialNumber : 38B29A414A64814071781021213368
Services : None
Status : Invalid
Subject : CN=mail.xxx.org, OU=Information Technology, O=GNYHA, L=New York, S=New York, C=US
Thumbprint : 9E86ABB9ACDA3A04D094AF370DA194AAADA7EF60

AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {po4, po4.xxxx.com}
HasPrivateKey : True
IsSelfSigned : True
Issuer : CN=po4
NotAfter : 5/16/2008 4:13:53 PM
NotBefore : 5/16/2007 4:13:53 PM
PublicKeySize : 2048
RootCAType : Unknown
SerialNumber : 9B894CBE422ECCAD4A621AD9725FA5EC
Services : IMAP, POP, IIS, SMTP
Status : Invalid
Subject : CN=po4
Thumbprint : 2021A66ACB8FE14DD867368BC9E14E2C28026919
ASKER
It looks like I have 2 certs bound to IMAP, POP, and SMTP. Is that proper? If not, how would I get rid of one of them?
I will try binding one to IIS.
It can happen easily enough, not especially helpful but those are more likely to generate error messages on the Exchange Server event log than at the client (as far as I've seen).
Chris
ASKER
Thanks - the Outlook message stopped popping up after binding it to IIS.
Out of curiosity, did you remove the service bindings from the old certificate? Or does it still list all of them?
You should be able to verify that with:
Get-ExchangeCertificate | Format-List
Chris
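
Added example (not part of the original posts): a PowerShell check that reports, per service, whether a usable certificate is bound and whether an expired or invalid one still holds the binding. The names `New-SampleCert` and `Get-ServiceCertCoverage` and the as-of date are hypothetical; the sample objects are constructed from the certificate listing posted above, and PowerShell 2.0 or later is assumed.

```powershell
# Added example. Helper and function names are hypothetical.
function New-SampleCert($Thumbprint, $Services, $Status, $NotBefore, $NotAfter) {
    New-Object PSObject -Property @{
        Thumbprint = $Thumbprint; Services = $Services; Status = $Status
        NotBefore = [datetime]$NotBefore; NotAfter = [datetime]$NotAfter
    }
}

# Constructed from the four certificates listed in this thread (fields trimmed).
$sample = @(
    New-SampleCert '5E84829B40133F455A6AA507F7B160E47D7EEE2D' 'IMAP, POP, SMTP' 'Valid' '5/19/2008 2:18:41 PM' '5/19/2009 2:18:41 PM'
    New-SampleCert 'B3612E2407DA1D83C3A5711376084F0EC47F3BD2' 'IMAP, POP, SMTP' 'Valid' '5/19/2008 10:35:34 AM' '5/19/2009 10:35:34 AM'
    New-SampleCert '9E86ABB9ACDA3A04D094AF370DA194AAADA7EF60' 'None' 'Invalid' '2/13/2008 8:44:25 AM' '2/12/2009 2:44:25 PM'
    New-SampleCert '2021A66ACB8FE14DD867368BC9E14E2C28026919' 'IMAP, POP, IIS, SMTP' 'Invalid' '5/16/2007 4:13:53 PM' '5/16/2008 4:13:53 PM'
)

function Get-ServiceCertCoverage {
    param([object[]]$Certificates, [datetime]$AsOf = (Get-Date))
    foreach ($svc in 'IMAP', 'POP', 'IIS', 'SMTP') {
        # Services is a flags value; its string form looks like "IMAP, POP, SMTP".
        $bound = @($Certificates | Where-Object { ("$($_.Services)" -split ',\s*') -contains $svc })
        # Usable = status Valid and inside its validity window on the as-of date.
        $good = @($bound | Where-Object {
            "$($_.Status)" -eq 'Valid' -and $_.NotBefore -le $AsOf -and $_.NotAfter -gt $AsOf
        } | ForEach-Object { $_.Thumbprint })
        $stale = @($bound | ForEach-Object { $_.Thumbprint } | Where-Object { $good -notcontains $_ })

        if ($bound.Count -eq 0) { $finding = 'no certificate bound' }
        elseif ($good.Count -eq 0) { $finding = 'only expired or invalid certificates bound' }
        elseif ($stale.Count -gt 0) { $finding = 'usable certificate bound, stale binding remains' }
        else { $finding = 'ok' }

        New-Object PSObject -Property @{
            Service = $svc; Finding = $finding
            Usable = $good -join ', '; Stale = $stale -join ', '
        } | Select-Object Service, Finding, Usable, Stale
    }
}

# As-of date is constructed: the day after the new certificates were issued.
Get-ServiceCertCoverage -Certificates $sample -AsOf ([datetime]'5/20/2008') | Format-List
# In the Exchange Management Shell (assumption: run on the server itself):
#   Get-ServiceCertCoverage -Certificates (Get-ExchangeCertificate) | Format-List
```

On the listing posted in this thread, IIS comes back as bound only to the expired certificate, which is consistent with the warning stopping once a new certificate was bound to IIS.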