Exchange 2007 TLS Encryption Wildcard certificate

I need to get our TLS encryption up and running.  We are getting a certificate error right now.

We are using a wildcard certificate provided to us by Network Solutions.  How do I get the Exchange TLS to use our wildcard cert?

Event Type:      Warning
Event Source:      MSExchangeTransport
Event Category:      TransportService
Event ID:      12015
Date:            4/16/2010
Time:            3:09:09 PM
User:            N/A
Computer:      SERVER
An internal transport certificate expired. Thumbprint:XXXXXXXXXXXXXXXXXXXXXXXXXXXXX

For more information, see Help and Support Center at

Satya Pathak, Lead Technical Consultant, Commented:
To resolve this warning, you must use the New-ExchangeCertificate cmdlet to create a new internal transport certificate (also referred to as a direct trust certificate) on the computer that returned this Warning event. Running the New-ExchangeCertificate cmdlet with no arguments creates a Simple Mail Transfer Protocol (SMTP)-enabled certificate for direct trust.
Suppose we want to create a UCC self-signed certificate. We will require the following names:

#NETBIOS name of Exchange: EX-2k7 (example)
#Internal FQDN: (example)
#External FQDN (Public name): (example) (use nslookup/ping to verify the external FQDN)
#Autodiscover name: (example)
#SubjectName: (example)

In EMS, run the following command to generate the new self-signed certificate:

New-ExchangeCertificate -FriendlyName "SelfSigned Cert" -SubjectName "" -DomainName EX-2k7,,, -PrivateKeyExportable $True

Next enable the certificate with Enable-ExchangeCertificate cmdlet. Enable at least IIS and SMTP.

Enable-ExchangeCertificate -Thumbprint xxxxxxxxxxxxxxx -Services POP,IMAP,SMTP,IIS

Next verify certificate has been installed using EMS/IIS Manager or both. (Sometimes you may have to remove the certificate and then install/enable certificate again).

alegre (Author) Commented:
This looks like it would work for a self signed certificate but how do I use the cert I already purchased from Network Solutions?  It is a wildcard cert.
Satya Pathak, Lead Technical Consultant, Commented:
It's okay, you can use it, but make sure ...
#NETBIOS name of Exchange: EX-2k7 (example)
#Internal FQDN: (example)
#External FQDN (Public name): (example) (use nslookup/ping to verify the external FQDN)
#Autodiscover name: (example)
#SubjectName: (example)

alegre (Author) Commented:
Thanks for the replies.  

Satya, if I use a self generated cert will the other party use it?  I thought by purchasing the NS cert that both parties would trust it because it is a trusted root cert.
Khurram Ullah Khan Commented:
No, self-signed is only trusted on the same server.
alegre (Author) Commented:
Ok, I removed the old cert, imported the new cert using the get-exchangecertificate command and then the secret was to enable it.

enable-exchangecertificate -thumbprint xxxxxxxxxxxxxxxxxx -services xxxxxxxxx
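
The import-then-enable sequence discussed in this thread, written out as an added example for the Exchange Management Shell; it is not code from any participant. The PFX path, the wildcard name and the choice of SMTP as the only service are placeholders and assumptions.

```powershell
# Added example. Run in the Exchange Management Shell on the Exchange 2007 server.
# Assumptions (placeholders, not values from the thread):
$pfxPath  = 'C:\certs\wildcard.pfx'   # exported CA-issued certificate with private key
$wildcard = '*.example.com'           # wildcard name expected in the certificate subject

# 1. Inventory installed certificates and flag expired ones. An expired
#    certificate is the condition that event 12015 reports.
Get-ExchangeCertificate |
    Select-Object Thumbprint, Subject, NotAfter, Services,
        @{ Name = 'Expired'; Expression = { $_.NotAfter -lt (Get-Date) } } |
    Format-List

# 2. Import the purchased certificate. Get-Credential is used only to collect
#    the PFX password as a SecureString; the user name typed there is ignored.
$imported = Import-ExchangeCertificate -Path $pfxPath -Password:(Get-Credential).Password

# 3. Re-read the certificate from the store and refuse to continue if it
#    cannot be used for TLS.
$cert = Get-ExchangeCertificate -Thumbprint $imported.Thumbprint
if (-not $cert.HasPrivateKey) {
    throw "Certificate $($cert.Thumbprint) has no private key; re-export it as a PFX with the key."
}
if ($cert.NotAfter -lt (Get-Date)) {
    throw "Certificate $($cert.Thumbprint) expired on $($cert.NotAfter)."
}
if (-not $cert.Subject.Contains($wildcard)) {
    throw "Subject '$($cert.Subject)' does not contain '$wildcard'; wrong certificate imported?"
}

# 4. Bind the certificate to SMTP so the transport service can offer it for TLS.
#    Add other services (IIS, POP, IMAP) only if they should use it as well.
Enable-ExchangeCertificate -Thumbprint $cert.Thumbprint -Services SMTP

# 5. Confirm the service binding and the names the certificate covers.
Get-ExchangeCertificate -Thumbprint $cert.Thumbprint |
    Format-List Thumbprint, Subject, NotAfter, Services, CertificateDomains
```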
