[Last Call] Learn about multicloud storage options and how to improve your company's cloud strategy. Register Now

x
?
Solved

Exchange 2007 certificate status invalid?

Posted on 2009-04-10
4
Medium Priority
?
1,064 Views
Last Modified: 2012-05-06
Folks,

I have a certificate error I cant seem to get figured out.  The initial certiface setup with this exchange 2007 installation had the wrong CN set, I have since created a new self signed cert with the correct CN and information, the problem is, I cannot apply it when trying to use the Enable-ExchangeCertificate command.  Below is the info for the two certs and the error I get when trying to apply it...

What started me on this quest was trying to resolve some random OOA issues as well as some problems in outlook with the access of calendars, I believe it is all due to the CN for the cert.

See link here for my logic, reason 2:  http://www.proexchange.be/modules.php?name=News&file=article&sid=686

We are using a self signed cert because we do not want to pay for a SSL cert.... (I know, I know, I wish I could use a non-self signed).  But any help as to why I cant apply this cert would be great.  The thumbprints do match, so I am clueless...    Thanks!
AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                     .Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {mail.doamin.com}
HasPrivateKey      : True
IsSelfSigned       : True
Issuer             : CN=mail.domain.com, O=Org, L
                     =city, S=state, C=US
NotAfter           : 4/9/2010 9:57:46 PM
NotBefore          : 4/9/2009 3:57:46 PM
PublicKeySize      : 2048
RootCAType         : Unknown
SerialNumber       : 33A12D2ED13DF9B149790F43BC3BB923
Services           : None
Status             : Invalid
Subject            : CN=mail.domain.com, O=Org, L
                     =city, S=state, C=US
Thumbprint         : D57D411F51BEBD143E57B2019CF604F4C93C7215
 
AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                     .Security.AccessControl.CryptoKeyAccessRule, System.Securi
                     ty.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {Server-4, Server-4.domain.com}
HasPrivateKey      : True
IsSelfSigned       : True
Issuer             : CN=Server-4
NotAfter           : 1/9/2010 5:22:25 PM
NotBefore          : 1/9/2009 5:22:25 PM
PublicKeySize      : 2048
RootCAType         : None
SerialNumber       : 7D0E4664B54BEA9B4F8757DAFC78F555
Services           : IMAP, IIS, SMTP
Status             : Valid
Subject            : CN=Server-4
Thumbprint         : C72CCACC7F692DEF03FCE30D37863A3C5E396EBA
 
 
 
[PS] C:\Documents and Settings\Administrator.domain>Enable-ExchangeCertificate D57
D411F51BEBD143E57B2019CF604F4C93C7215 -Services IIS, SMTP
Enable-ExchangeCertificate : The certificate with thumbprint D57D411F51BEBD143E
57B2019CF604F4C93C7215 was not found.
At line:1 char:27
+ Enable-ExchangeCertificate  <<<< D57D411F51BEBD143E57B2019CF604F4C93C7215 -Se
rvices IIS, SMTP

Open in new window

0
Comment
Question by:Xaerran
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 2

Expert Comment

by:darknoth
ID: 24121176
Did you actually install the certificate on the local machine before issuing the enable-exchangecertificate command?
0
 
LVL 2

Author Comment

by:Xaerran
ID: 24127840
I believe so, the cert thumbprint shows up in the list using the "get-ExchangeCertificate" command.  How can I check what you are asking me?
0
 
LVL 2

Expert Comment

by:darknoth
ID: 24131677
Open up the certificates MMC, start - run - control panel - certificates.  Or start - run - mmc.  Then click on file - add/remove snap-in, click on Add and select certificates.  Choose the local machine and click OK.  Check under personal certificates to see if the certificate is there.
0
 
LVL 2

Accepted Solution

by:
Xaerran earned 0 total points
ID: 24241798
Dark, thanks for the advice turns out i was trying to aply a certificate request and not the actual certificate.  the error i was getting with it being invalid was becuase it was not an exchange certificate, it was a different one?  Anyway, I was able to create a cert and get it applied, but it did not fix the out of office problems.....  I am wondering if the CN in the new cert is still wrong...
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

There are times when we need to generate a report on the inbox rules, where users have set up forwarding externally in their mailbox. In this article, I will be sharing a script I wrote to generate the report in CSV format.
Here in this article, you will get a step by step guidance on how to restore an Exchange database to a recovery database. Get a brief on Recovery Database and how it can be used to restore Exchange database in this section!
In this video we show how to create a Shared Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Sha…
In this Micro Video tutorial you will learn the basics about Database Availability Groups and How to configure one using a live Exchange Server Environment. The video tutorial explains the basics of the Exchange server Database Availability grou…

656 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question