Reenable Self-Signed Certificate for Exchange 2007

Posted on 2009-04-15
Last Modified: 2013-11-16
I'm setting up an Exchange 2007 server.  I generated a 3rd party certificate and successfully imported it with the Exchange Management Shell.  Then I made (I believe) the mistake of enabling it not only for IIS but also for SMTP.  Now OWA works perfectly but when I try to connect a test user within the domain via Outlook, I get an error saying "The name on the security certificate is invalid or does not match the name of the site."  I understand the error because I didn't include the internal name of the server on the 3rd party certificate.

What I'd like to do, I believe, is use the self-signed certificate (which is still listed in EMS) for the SMTP (Outlook) and the 3rd party certificate (UCC) for IIS (OWA, Activesync).  I've tried using the {Enable-ExchangeCertificate -Thumbprint [thumbprint] -Services "SMTP"} command to assign the SMTP back to the self-signed certificate.  I've even removed the 3rd party certificate using the Remove-ExchangeCertificate cmdlet, but no matter what I do, Outlook clients still are seeing the 3rd party certificate when they connect to Exchange.

Can I get the self-signed certificate back associated with SMTP or must I regenerate the 3rd party certificate?  If the self-signed cert will work, is there a trick to getting it back associated with SMTP that I'm missing?
Question by:pcamis

Expert Comment

by:Paranormastic
ID: 24150315
As long as the name is valid on the UC cert, that would be best.  If you made a mistake and did not include the hostname in addition to the rest, or did not include the subject name in the SAN list as well, then you may run into issues.  If you recently got the cert, you should be able to contact the cert vendor and have them issue you a new UC cert with the complete set of names that you need.  You can use the UC cert for SMTP, POP3, OWA, etc.

Author Comment

by:pcamis
ID: 24150342
Thanks paranormastic... so just to confirm, you suggest that the right way to set up the UCC would be:

server.InternalDomain.com (this is the one I had omitted)
owa.ExternalDomain.com
pop.ExternalDomain.com

etc.

Accepted Solution

by:Paranormastic
ID: 24150472
usually
server   (hostname of server)
server.internaldomain.com
owa.externaldomain.com
autodiscover.externaldomain.com

If you need

pop.external.com
smtp.external.com
then do that - many places alias these to just 'mail.externaldomain.com'

Remember that whichever name is in the CSR as the subject name will need to be re-entered into the big list of names for the subject alternate name.  This is just a certificate quirk.
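A check for the name list in the accepted answer, added here as an example and not posted by anyone in the thread: it reports which required names are absent from a certificate's SAN list and whether the subject CN is repeated there. The function names, the sample names and the thumbprint placeholder are assumptions.

```powershell
# Added example, not from the thread. Function names and sample values are
# hypothetical; the required-name list follows the accepted answer's layout.

# Return the DNS entries of a certificate's Subject Alternative Name extension.
# Assumes an English-locale Windows, where entries are formatted "DNS Name=...".
function Get-SanDnsName($Certificate) {
    $ext = $Certificate.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    if (-not $ext) { return }
    $ext.Format($true) -split "`r?`n" | ForEach-Object {
        if ($_ -match '^\s*DNS Name=(.+)$') { $Matches[1].Trim() }
    }
}

# Compare the names clients will use against the subject CN and the SAN list.
# Matching is exact; wildcard SAN entries are not expanded.
function Test-CertNameCoverage([string]$Subject, [string[]]$SanNames, [string[]]$RequiredNames) {
    $cn = $null
    if ($Subject -match '(?:^|,)\s*CN=([^,]+)') { $cn = $Matches[1].Trim() }

    # -contains / -notcontains compare strings case-insensitively, as DNS names do.
    $missing = @($RequiredNames | Where-Object { $SanNames -notcontains $_ })
    $cnInSan = $SanNames -contains $cn

    $result = New-Object PSObject
    $result | Add-Member NoteProperty SubjectCN      $cn
    $result | Add-Member NoteProperty SubjectCNInSan $cnInSan
    $result | Add-Member NoteProperty MissingNames   $missing
    $result | Add-Member NoteProperty Covered        (($missing.Count -eq 0) -and $cnInSan)
    $result
}

# Constructed sample: a UCC that omits the internal names, as in the question.
$required = 'server', 'server.internaldomain.com',
            'owa.externaldomain.com', 'autodiscover.externaldomain.com'
$san      = 'owa.externaldomain.com', 'autodiscover.externaldomain.com'

Test-CertNameCoverage -Subject 'CN=owa.externaldomain.com, O=Example' `
    -SanNames $san -RequiredNames $required | Format-List

# Against an installed certificate (the thumbprint is a placeholder):
# $cert = Get-Item Cert:\LocalMachine\My\<THUMBPRINT>
# Test-CertNameCoverage -Subject $cert.Subject -SanNames @(Get-SanDnsName $cert) `
#     -RequiredNames $required
```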
 

Author Closing Comment

by:pcamis
ID: 31570538
Thanks!