IMAP is using wrong certificate

I have an SBS 2008 server migrated from SBS 2003. I have a GoDaddy class2 cert installed as "" Everything works correctly with Outlook internally, RPC/HTTPS and POP3. The problem is IMAP does not bind to the correct cert. When I try to connect to the Exchange 2007 server via IMAP the certificate is showing as the SBS self signed cert setup during the migration.

The self signed cert and the GoDaddy cert have exactly the same FQDN.

I have run the command <enable-exchangecertificate -thumbprint "thumbprint_of_GoDaddy_cert"  -services “IMAP,POP> from EMS and still the cert is incorrectly bound to the SBS self signed cert for IMAP, POP works just fine.

I have tried changing the cert to the self signed cert stopping and starting IMAP svc and changing back to the GoDaddy cert stopping and starting IMAP etc..

What am missing?

Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Rick FeeMessaging Engineer - Disaster Recovery EngineerCommented:
If you look in Exchange Management Console:  Server config -->  Client Access -->    In the bottom middle window -->  Select POP3 and IMAP4, then open the IMAP4 the Authentication the X.509 cert name set as the cert you need or another?  
netfriendsincAuthor Commented:
Yes it is set as "". The problem is the self signed cert and the new GoDaddy cert share the same name. There is only one of those certs showing with the name "". It does not show two certs with the same name. When selecting the cert it ends up being the self signed cert.


Do you think I should attempt to create a new self signed cert with a different name?

I tried to delete the old self signed cert in EMS but I had an error not allowing it.
Rick FeeMessaging Engineer - Disaster Recovery EngineerCommented:
Yes 100% create a new selfisigned cert with a different name.    
no allowing it...its due to a service being enabled create the new cert and move over whatever service is enabled.
so do a get-exchangecertificate will tell you which services are enabled on the cert...
to move run   Enable-ExchangeCertificate -thumbprint thumbprintofcert -services servicetobemoved
netfriendsincAuthor Commented:
OK. Don't know why I didn't think of this before. I simply opened an MMC and added the certificates snap-in. I went to the cert that was self signed and disabled all purposes for the self signed cert. Problem solved.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Email Protocols

From novice to tech pro — start learning today.