IMAP is using wrong certificate

I have an SBS 2008 server migrated from SBS 2003. I have a GoDaddy class2 cert installed as "mail.mydomain.com". Everything works correctly with Outlook internally, RPC/HTTPS and POP3. The problem is IMAP does not bind to the correct cert. When I try to connect to the Exchange 2007 server via IMAP, the certificate is showing as the SBS self-signed cert set up during the migration.

The self signed cert and the GoDaddy cert have exactly the same FQDN.

I have run the command <Enable-ExchangeCertificate -Thumbprint "thumbprint_of_GoDaddy_cert" -Services "IMAP,POP"> from EMS and still the cert is incorrectly bound to the SBS self-signed cert for IMAP; POP works just fine.

I have tried changing the cert to the self-signed cert, stopping and starting the IMAP svc, and changing back to the GoDaddy cert, stopping and starting IMAP, etc.

What am I missing?

netfriendsinc Asked:
 
netfriendsinc Author Commented:
OK. Don't know why I didn't think of this before. I simply opened an MMC and added the certificates snap-in. I went to the mail.mydomain.com cert that was self signed and disabled all purposes for the self signed cert. Problem solved.
0
 
Rick Fee, Messaging Engineer - Disaster Recovery Engineer, Commented:
If you look in Exchange Management Console: Server config --> Client Access --> in the bottom middle window --> select POP3 and IMAP4, then open the IMAP4 properties... select the Authentication tab... is the X.509 cert name set as the cert you need or another?
0
 
netfriendsinc Author Commented:
Yes, it is set as "mail.mydomain.com". The problem is the self-signed cert and the new GoDaddy cert share the same name. There is only one of those certs showing with the name "mail.mydomain.com". It does not show two certs with the same name. When selecting the cert it ends up being the self-signed cert.

Question?

Do you think I should attempt to create a new self signed cert with a different name?

I tried to delete the old self signed cert in EMS but I had an error not allowing it.
0
 
Rick Fee, Messaging Engineer - Disaster Recovery Engineer, Commented:
Yes, 100% create a new self-signed cert with a different name.
Not allowing it... it's due to a service being enabled, usually... so create the new cert and move over whatever service is enabled.
So doing a Get-ExchangeCertificate will tell you which services are enabled on the cert...
To move, run Enable-ExchangeCertificate -Thumbprint thumbprintofcert -Services servicetobemoved
0
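
A way to confirm which certificate the IMAP listener actually presents after Enable-ExchangeCertificate has been run, as an added example that is not part of the original thread. It assumes the standard IMAP ports (993 for implicit TLS, 143 with STARTTLS); the function names are hypothetical, and the expected thumbprint is the one Get-ExchangeCertificate shows for the GoDaddy cert.

```python
import hashlib
import imaplib
import socket
import ssl
import sys

def normalize(tp):
    """Keep hex digits only: drops the spaces, colons and invisible characters
    that come along when a thumbprint is copied from the certificate dialog."""
    return "".join(c for c in tp.upper() if c in "0123456789ABCDEF")

def matches(der_cert, expected):
    """An Exchange/Windows thumbprint is the SHA-1 of the DER-encoded cert."""
    return hashlib.sha1(der_cert).hexdigest().upper() == normalize(expected)

def presented_cert(host, port=993, starttls=False):
    """Return the DER certificate the IMAP listener presents (assumed ports)."""
    # Verification is off on purpose: the goal is to see whatever the server
    # sends, including a self-signed cert that would fail validation.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    # An older server may offer only TLS 1.0; local OpenSSL policy may still refuse.
    ctx.minimum_version = ssl.TLSVersion.TLSv1
    if starttls:
        conn = imaplib.IMAP4(host, port)
        conn.starttls(ssl_context=ctx)
        der = conn.sock.getpeercert(binary_form=True)
        conn.logout()
        return der
    with socket.create_connection((host, port), timeout=10) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)

def check(host, expected):
    """Map each IMAP listener to True/False: is it serving the expected cert?"""
    listeners = (("imaps/993", 993, False), ("imap+starttls/143", 143, True))
    return {name: matches(presented_cert(host, port, tls), expected)
            for name, port, tls in listeners}

if __name__ == "__main__" and len(sys.argv) == 3:
    # usage: script.py mail.mydomain.com <thumbprint of the GoDaddy cert>
    for name, ok in check(sys.argv[1], sys.argv[2]).items():
        print(name, "expected cert" if ok else "DIFFERENT cert presented")
```
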