Exchange 2007 certificate status invalid?
Folks,
I have a certificate error I cant seem to get figured out. The initial certiface setup with this exchange 2007 installation had the wrong CN set, I have since created a new self signed cert with the correct CN and information, the problem is, I cannot apply it when trying to use the Enable-ExchangeCertificate
What started me on this quest was trying to resolve some random OOA issues as well as some problems in outlook with the access of calendars, I believe it is all due to the CN for the cert.
See link here for my logic, reason 2: http://www.proexchange.be/modules.php?name=News&file=article&sid=686
We are using a self signed cert because we do not want to pay for a SSL cert.... (I know, I know, I wish I could use a non-self signed). But any help as to why I cant apply this cert would be great. The thumbprints do match, so I am clueless... Thanks!
I have a certificate error I cant seem to get figured out. The initial certiface setup with this exchange 2007 installation had the wrong CN set, I have since created a new self signed cert with the correct CN and information, the problem is, I cannot apply it when trying to use the Enable-ExchangeCertificate
What started me on this quest was trying to resolve some random OOA issues as well as some problems in outlook with the access of calendars, I believe it is all due to the CN for the cert.
See link here for my logic, reason 2: http://www.proexchange.be/modules.php?name=News&file=article&sid=686
We are using a self signed cert because we do not want to pay for a SSL cert.... (I know, I know, I wish I could use a non-self signed). But any help as to why I cant apply this cert would be great. The thumbprints do match, so I am clueless... Thanks!
AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System
.Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {mail.doamin.com}
HasPrivateKey : True
IsSelfSigned : True
Issuer : CN=mail.domain.com, O=Org, L
=city, S=state, C=US
NotAfter : 4/9/2010 9:57:46 PM
NotBefore : 4/9/2009 3:57:46 PM
PublicKeySize : 2048
RootCAType : Unknown
SerialNumber : 33A12D2ED13DF9B149790F43BC3BB923
Services : None
Status : Invalid
Subject : CN=mail.domain.com, O=Org, L
=city, S=state, C=US
Thumbprint : D57D411F51BEBD143E57B2019CF604F4C93C7215
AccessRules : {System.Security.AccessControl.CryptoKeyAccessRule, System
.Security.AccessControl.CryptoKeyAccessRule, System.Securi
ty.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {Server-4, Server-4.domain.com}
HasPrivateKey : True
IsSelfSigned : True
Issuer : CN=Server-4
NotAfter : 1/9/2010 5:22:25 PM
NotBefore : 1/9/2009 5:22:25 PM
PublicKeySize : 2048
RootCAType : None
SerialNumber : 7D0E4664B54BEA9B4F8757DAFC78F555
Services : IMAP, IIS, SMTP
Status : Valid
Subject : CN=Server-4
Thumbprint : C72CCACC7F692DEF03FCE30D37863A3C5E396EBA
[PS] C:\Documents and Settings\Administrator.domain>Enable-ExchangeCertificate D57
D411F51BEBD143E57B2019CF604F4C93C7215 -Services IIS, SMTP
Enable-ExchangeCertificate : The certificate with thumbprint D57D411F51BEBD143E
57B2019CF604F4C93C7215 was not found.
At line:1 char:27
+ Enable-ExchangeCertificate <<<< D57D411F51BEBD143E57B2019CF604F4C93C7215 -Se
rvices IIS, SMTP
darknoth
Did you actually install the certificate on the local machine before issuing the enable-exchangecertificate
ASKER
I believe so, the cert thumbprint shows up in the list using the "get-ExchangeCertificate" command. How can I check what you are asking me?
Open up the certificates MMC, start - run - control panel - certificates. Or start - run - mmc. Then click on file - add/remove snap-in, click on Add and select certificates. Choose the local machine and click OK. Check under personal certificates to see if the certificate is there.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.