Solved

Reenable Self-Signed Certificate for Exchange 2007

Posted on 2009-04-15
Last Modified: 2013-11-16
I'm setting up an Exchange 2007 server.  I generated a 3rd party certificate and successfully imported it with the Exchange Management Shell.  Then I made (I believe) the mistake of enabling it not only for IIS but also for SMTP.  Now OWA works perfectly but when I try to connect a test user within the domain via Outlook, I get an error saying "The name on the security certificate is invalid or does not match the name of the site."  I understand the error because I didn't include the internal name of the server on the 3rd party certificate.

What I'd like to do, I believe, is use the self-signed certificate (which is still listed in EMS) for the SMTP (Outlook) and the 3rd party certificate (UCC) for IIS (OWA, ActiveSync).  I've tried using the {Enable-ExchangeCertificate -Thumbprint [thumbprint] -Services "SMTP"} command to assign the SMTP back to the self-signed certificate.  I've even removed the 3rd party certificate using the Remove-ExchangeCertificate cmdlet, but no matter what I do, Outlook clients still are seeing the 3rd party certificate when they connect to Exchange.

Can I get the self-signed certificate back associated with SMTP or must I regenerate the 3rd party certificate?  If the self-signed cert will work, is there a trick to getting it back associated with SMTP that I'm missing?
Question by:pcamis

Expert Comment

by:Paranormastic
ID: 24150315
As long as the name is valid on the UC cert, that would be best.  If you made a mistake and did not include the hostname in addition to the rest, or did not include the subject name in the SAN list as well, then you may run into issues.  If you recently got the cert, you should be able to contact the cert vendor and have them issue you a new UC cert with the complete set of names that you need.  You can use the UC cert for SMTP, POP3, OWA, etc.

Author Comment

by:pcamis
ID: 24150342
Thanks paranormastic... so just to confirm, you suggest that the right way to set up the UCC would be:

server.InternalDomain.com (this is the one I had omitted)
owa.ExternalDomain.com
pop.ExternalDomain.com

etc.

Accepted Solution

by:
Paranormastic earned 500 total points
ID: 24150472
usually
server   (hostname of server)
server.internaldomain.com
owa.externaldomain.com
autodiscover.externaldomain.com

If you need

pop.external.com
smtp.external.com
then do that - many places alias these to just 'mail.externaldomain.com'

Remember that whichever name is in the CSR as the subject name will need to be re-entered into the big list of names for the subject alternate name.  This is just a certificate quirk.
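The name list from the accepted answer can be checked against a certificate before a reissue is requested. The PowerShell below is an added example, not part of the original thread: the host names are the thread's placeholders, the function names are hypothetical, and the wildcard handling goes beyond what the thread discusses.

```powershell
# Constructed sample input: the certificate as first issued in the thread
# (internal server names omitted). All names are placeholders.
$subjectCN = 'owa.externaldomain.com'
$sanList   = @('owa.externaldomain.com', 'pop.externaldomain.com')

# Names clients use to reach the server, per the accepted answer.
$required = @('server', 'server.internaldomain.com',
              'owa.externaldomain.com', 'autodiscover.externaldomain.com')

# $true when $Name is covered by certificate entry $Entry (case-insensitive).
# A leading "*." covers exactly one label, so it never covers a short hostname.
function Test-CertNameMatch([string]$Name, [string]$Entry) {
    $n = $Name.ToLower()
    $e = $Entry.ToLower()
    if ($e.StartsWith('*.')) {
        $dot = $n.IndexOf('.')
        if ($dot -lt 1) { return $false }
        return ($n.Substring($dot) -eq $e.Substring(1))
    }
    return ($n -eq $e)
}

# Returns the required names that no certificate entry covers.
function Get-MissingCertName([string[]]$Required, [string[]]$Entries) {
    $missing = @()
    foreach ($name in $Required) {
        $covered = $false
        foreach ($entry in $Entries) {
            if (Test-CertNameMatch $name $entry) { $covered = $true; break }
        }
        if (-not $covered) { $missing += $name }
    }
    return ,$missing
}

$missing = Get-MissingCertName $required $sanList
Write-Host ("Missing from certificate: " + [string]::Join(', ', $missing))

# The subject name has to be repeated in the SAN list as well.
$cnInSan = @($sanList | Where-Object { $_ -eq $subjectCN }).Count -gt 0
Write-Host "Subject name repeated in SAN list: $cnInSan"

# Name list for the reissue request (the -DomainName value of
# New-ExchangeCertificate -GenerateRequest): subject first, then the rest.
$domainNames = @($subjectCN) + @($sanList | Where-Object { $_ -ne $subjectCN }) + $missing
Write-Host ("-DomainName " + [string]::Join(', ', $domainNames))
```

On the server, the CertificateDomains property returned by Get-ExchangeCertificate lists the names on an installed certificate and can replace the sample `$sanList`.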
 

Author Closing Comment

by:pcamis
ID: 31570538
Thanks!