Solved

Reenable Self-Signed Certificate for Exchange 2007

Posted on 2009-04-15
4
580 Views
Last Modified: 2013-11-16
I'm setting up an Exchange 2007 server.  I generated a 3rd party certificate and successfully imported it with the Exchange Management Shell.  Then I made (I believe) the mistake of enabling it not only for IIS but also for SMTP.  Now OWA works perfectly but when I try to connect a test user within the domain via Outlook, I get an error saying "The name on the security certificate is invalid or does not match the name of the site."  I understand the error because I didn't include the internal name of the server on the 3rd party certificate.

What I'd like to do, I believe, is use the self-signed certificate (which is still listed in EMS) for the SMTP (Outlook) and the 3rd party certificate (UCC) for IIS (OWA, Activesync).  I've tried using the {Enable-ExchangeCertificate -Thumbprint [thumbprint] -Services "SMTP"} command to assign the SMTP back to the self-signed certificate.  I've even removed the 3rd party certificate using the Remove-ExchangeCertificate cmdlet, but no matter what I do, Outlook clients still are seeing the 3rd party certificate when they connect to Exchange.

Can I get the self-signed certificate back associated with SMTP or must I regenerate the 3rd party certificate?  If the self-signed cert will work, is there a trick to getting it back associated with SMTP that I'm missing?
0
Comment
Question by:pcamis
  • 2
  • 2
4 Comments
 
LVL 31

Expert Comment

by:Paranormastic
ID: 24150315
As long as the name is valid on the UC cert, that would be best.  If you made a mistake and did not include the hostname in addition to the rest, or did not include the subject name in the SAN list as well, then you may run into issues.  If you recently got the cert, you should be able to conact the cert vendor and have them issue you a new UC cert with the complete set of names that you need.  You can use the UC cert for SMTP, POP3, OWA, etc.
0
 

Author Comment

by:pcamis
ID: 24150342
Thanks paranormastic... so just to confirm, you suggest that the right way to setup the UCC would be:

server.InternalDomain.com (this is the one I had omitted)
owa.ExternalDomain.com
pop.ExternalDomain.com

etc.
0
 
LVL 31

Accepted Solution

by:
Paranormastic earned 500 total points
ID: 24150472
usually
server   (hostname of server)
server.internaldomain.com
owa.externaldomain.comm
autodiscover.externaldomain.com

If you need

pop.external.com
smtp.external.co
then do that - many places alias these to just 'mail.externaldomain.com'

Remember that whichever name is in the CSR as the subject name will need to be re-entered into the big list of names for the subject alternate name.  This is just a certificate quirk.
0
 

Author Closing Comment

by:pcamis
ID: 31570538
Thanks!
0

Featured Post

Three Reasons Why Backup is Strategic

Backup is strategic to your business because your data is strategic to your business. Without backup, your business will fail. This white paper explains why it is vital for you to design and immediately execute a backup strategy to protect 100 percent of your data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Lotus Notes – formerly IBM Notes – is an email client application, while IBM Domino (earlier Lotus Domino) is an email server. The client possesses a set of features that are even more advanced as compared to that of Outlook. Likewise, IBM Domino is…
If you thought ransomware was bad, think again! Doxware has the potential to be even more damaging.
This tutorial will walk an individual through configuring a drive on a Windows Server 2008 to perform shadow copies in order to quickly recover deleted files and folders. Click on Start and then select Computer to view the available drives on the se…
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question