thumbprint for certificate in Exchange 2007

I forgot to copy the thumbprint when the certificate request has been created.  Unfortunately, We've been doing the request a couple of times because Godaddy was asking to correct the information here and there.

So now when I run the get-exchangecertificate cmdlet I got 5 thumbprint.  I don'k know which one to pick to complete the process.  Does the last certificate request will be displayed at the top ?

Thanks
quadrumaneAsked:
Who is Participating?
 
MesthaCommented:
If you have not completed the request then I don't think the certificate will show in Get-ExchangeCertificate.
Have you received the response from GoDaddy? If so then just run the import command.

Import-ExchangeCertificate -Path c:\SSL\result.pfx

(where the certificate result is in C:\SSL and is called result.pfx)

Once that has been done then it should be listed.

-M
0
 
RandyReichertCommented:
Go into the certificates snap-in and look at the properties of each certificate. You can view the thumbprint in the properties. You can also see other properties that will help you in determining which is the certificate that is the appropriate one, such as: expiration/creation date, SAN info, etc...
0
 
quadrumaneAuthor Commented:
Thanks, but the certificate is not installed, I only have the certificate request done.  So the only visible certificate is the default Exchange certificate (and this one will be removed once the Godaddy SAN certificate will be installed)
0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

 
RandyReichertCommented:
Sorry, I guess I didn't read all the way to the end of your comment. I did a Get-ExchangeCertificate and the one at the top of the list is the one that is my current certificate. Hope that helps.
0
 
quadrumaneAuthor Commented:
Yes I've got the answer and I got the SAN certificate.  I used Import-ExchangeCertificate to import the certificate.  But now when I try to enable the services I get an error:

[PS] C:\Windows\System32>Enable-ExchangeCertificate -Thumbprint 86E6956244F7D10B
89FC0C2472766FE8CA3CF938 -Services "SMTP, IIS"
Enable-ExchangeCertificate : Service is not installed.
Parameter name: Services
At line:1 char:27
+ Enable-ExchangeCertificate  <<<< -Thumbprint 86E6956244F7D10B89FC0C2472766FE8
CA3CF938 -Services "SMTP, IIS"

The first time I tried to enable I have selected all services (IIS, SMTP, POP, IMAP) but as I don't need Pop and IMAP I tried to run the cmdlet with IIS et SMTP only from the CAS server where the certificate is now installed as you can see here (I replaced some information in this post for confidentiality purpose)

[PS] C:\Windows\System32>get-exchangecertificate

Thumbprint                                Services   Subject
----------                                --------   -------
86E6956244F7D10B89FC0C2472766FE8CA3CF938  IP...      CN=XXX, O=XXX...
FE6184E5F9E24AB2E723F67FB535DEE77F66B969  .....      C=CA, L=XXX S=XXX...
45C785DCD7279D8796C8E8D1A976556D3884CF03  .....      C=Canada, L=XXX, S...
E9D8664CF887E2187D2300582C13178B23BF169C  .....      C=CA, L=XXX S=XXX...
AAB0B8F031A49C27362F678513464E0E58544F85  .....      C=CA, L=XXX, S=XXX...

It seems that Imap and Pop have been enabled but this is not what I want of course.  

Thanks
0
 
quadrumaneAuthor Commented:
Ok I can enable IIS but not SMTP.  The SMTP service is not installed on this server (each role is on a different server) I guess this is why it can be enabled.  If it's true, I don't understand why everywhere (books, blogs, Microsoft) there is no reference regarding this limitation.

Or maybe I'm just confused... ?

Thanks
0
 
MesthaCommented:
Most books, blogs etc were probably done using a test system with all roles installed on the same server. If the server doesn't have Hub transport then there is no SMTP service, so you cannot enable it. Alas certificates seem to brushed over with most blogs, books etc, which is probably why my article is so popular.
http://www.sembee.co.uk/archive/2008/05/30/78.aspx

It would seem from the list that you haven't enabled IIS, the I is for IMAP. If IIS was enabled then W would be in the list.

-M
0
 
quadrumaneAuthor Commented:
Yes IIS is enabled I just haven't sent the snapshot yet.  

86E6956244F7D10B89FC0C2472766FE8CA3CF938  IP.W.      CN=XXX, O=XXX...

I don't see anything about this problem in your article.  But it's addressing quite a few other issues.   Maybe you should add a topic on how to enable SMTP or any other services on the other server roles.  As far as I understand, I have to install the certificate on the SMTP server to enable the service.  But having SMTP is not required as far as I know in the SAN.  In every article and book I read all Subject alternatives names I've seen are concerning the CAS server along the hostname, domain name  and autodiscover.  

Thanks
0
 
MesthaCommented:
I can count on one hand the number of deployments I have done where the roles have been separated. I compare it to the relative low use of frontend/backend scenario. Most deployments are a single server. My blog posting is aimed at those with a single server, because those deploying the more complex environments do not seem to need the assistance. I have been working with Exchange 2007 since release (before release when I was on an NDA) and this is the first question I can remember about certificates on the separate roles.

-M
0
 
quadrumaneAuthor Commented:
There is always a first time for everything, including asking question about the certificates on the separate roles ;+)

We're working on a new forest.  This forest is not yet in production.  The environment is not that complex:
SITE A
2 HUB
2 CAS IN NLB
2 MAILBOX (SCR)

SITE B
1 EDGE
1 HUB
1 CAS
1 MAILBOX

3 ESX and 3 iSCSI SAN

I think we're sitting between complex and less complex environments.  We don't have any cluster, but resilience.  

Thanks



0
 
MesthaCommented:
Anything above a single server could probably be considered complex for many people. Particularly now we have an SBS version with Exchange 2007.

-M
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.