?
Solved

Installing a Security Certificate for Exchange 2007 still shows original self signed certificate.

Posted on 2008-10-15
2
Medium Priority
?
1,227 Views
Last Modified: 2012-05-05
We processed and received back a Security Certificate for our Exchange Server.

Since installing per instructions the exchange server still links to the original self-signed certificate - which it shouldn't!

From outside we use webmail.domain.com to access the server (via OWA)
Internally we use servername.netbiosdomainname.local

This is the layout of the issued certificate

Primary domain name = domain.com

Sans list

1 - servername.netbiosdomainname.local
2 - domain.com
3 - webmail.domain.com


Should we have: 4 - servername (by itself)?

By running the below in powershell:
C:\>Get-ExchangeCertificate -DomainName servername.netbiosdomainname.local

It comes up with

print                                Services   Subject
-----                                --------   -------
C630********328E5342FF66D98A621BC0E  ..U..      CN=domainname.com
05E********BABE77335455321F7FF1498  IPUWS      CN=servername
4A821D31FE********73A8759E44B972BDA  IPU.S      CN=servername

0
Comment
Question by:kiwistag
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 16

Accepted Solution

by:
BBRazz earned 2000 total points
ID: 22726825
Seems like the certificate has not been enabled for the services they n

Enabling the Exchange Certificate

Enable-ExchangeCertificate -thumb 484152332E6CD3F9864CEB933BC64867DF29BB0B Services IIS, SMTP, POP, IMAP

If you now look at OWA, you will see the newly assigned Certificate running on Site.

As good housekeeping, it would be good practice to remove the un-neccesary certificates to aid easier administration at a later date.eed to use.

-BBRazz
0
 
LVL 6

Author Comment

by:kiwistag
ID: 22736166
Yippee!!!!!!

Thanks - will e-mail Comodo to let them know what the issue was.

Their instructions stated:
Import-ExchangeCertificate -Path c:\exchange.comodo.com.crt | Enable-ExchangeCertificate -Services "SMTP, POP, IMAP, IIS"

Which obviously doesn't allow a force overwriting of the certificate assigned.
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

After hours on line I found a solution which pointed to the inherited Active Directory permissions . You have to give/allow permissions to the "Exchange trusted subsystem" for the user in the Active Directory...
This article will help to fix the below error for MS Exchange server 2010 I. Out Of office not working II. Certificate error "name on the security certificate is invalid or does not match the name of the site" III. Make Internal URLs and External…
In this video we show how to create a mailbox database in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Servers >> Data…
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…
Suggested Courses

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question