Exchange 2007 TLS Encryption Wildcard certificate

I need to get our TLS encryption up and running.  We are getting a certificate error right now.

We are using a wildcard certificate provided to us by Network Solutions.  How do I get the Exchange TLS to use our wildcard cert?

Event Type:      Warning
Event Source:      MSExchangeTransport
Event Category:      TransportService
Event ID:      12015
Date:            4/16/2010
Time:            3:09:09 PM
User:            N/A
Computer:      SERVER
Description:
An internal transport certificate expired. Thumbprint:XXXXXXXXXXXXXXXXXXXXXXXXXXXXX

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
alegreAsked:

Satya PathakLead Technical ConsultantCommented:
To resolve this warning, you must use the New-ExchangeCertificate cmdlet to create a new internal transport certificate (also referred to as a direct trust certificate) on the computer that returned this Warning event. Running the New-ExchangeCertificate cmdlet with no arguments creates a Simple Mail Transfer Protocol (SMTP)-enabled certificate for direct trust.
-------------------
Suppose we want to create a UCC self-signed certificate. We will require the following names:

#NETBIOS name of Exchange: EX-2k7 (example)
#Internal FQDN: EX-2k7.abc.local (example)
#External FQDN (Public name): webmail.abc.com (example) (use nslookup/ping to verify the external FQDN)
#Autodiscover name: autodiscover.abc.com (example)
#SubjectName: cn=webmail.abc.com (example)

In EMS, run the following command to generate the new self-signed certificate:

New-ExchangeCertificate -FriendlyName "SelfSigned Cert" -SubjectName "cn=webmail.abc.com" -DomainName EX-2k7,EX-2k7.abc.local,webmail.abc.com,autodiscover.abc.com -PrivateKeyExportable $True

Next, enable the certificate with the Enable-ExchangeCertificate cmdlet. Enable at least IIS and SMTP.

Enable-ExchangeCertificate -Thumbprint xxxxxxxxxxxxxxx -Services POP,IMAP,SMTP,IIS

Next, verify that the certificate has been installed using EMS, IIS Manager, or both. (Sometimes you may have to remove the certificate and then install/enable the certificate again.)

0
alegreAuthor Commented:
This looks like it would work for a self signed certificate but how do I use the cert I already purchased from Network Solutions?  It is a wildcard cert.
0
Satya PathakLead Technical ConsultantCommented:
It's okay, you can use it, but make sure ...
#NETBIOS name of Exchange: EX-2k7 (example)
#Internal FQDN: EX-2k7.abc.local (example)
#External FQDN (Public name): webmail.abc.com (example) (use nslookup/ping to verify the external FQDN)
#Autodiscover name: autodiscover.abc.com (example)
#SubjectName: cn=webmail.abc.com (example)
0

alegreAuthor Commented:
Thanks for the replies.  

Satya, if I use a self generated cert will the other party use it?  I thought by purchasing the NS cert that both parties would trust it because it is a trusted root cert.
0
Khurram Ullah KhanCommented:
No, self-signed is only trusted on the same server.
0
alegreAuthor Commented:
OK, I removed the old cert, imported the new cert using the get-exchangecertificate command, and then the secret was to enable it.

enable-exchangecertificate -thumbprint xxxxxxxxxxxxxxxxxx -services xxxxxxxxx
0
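The sequence the asker settled on (import the purchased certificate, enable it for the services, then deal with the expired one), written out as an Exchange Management Shell script with the verification steps a practitioner would want. This is an added example, not commands posted by any participant in this thread. It assumes the Exchange 2007 cmdlets Get-ExchangeCertificate, Import-ExchangeCertificate, Enable-ExchangeCertificate and Remove-ExchangeCertificate; C:\certs\wildcard.pfx, abc.com and webmail.abc.com are placeholders, and Test-NameCovered is a hypothetical helper written for this example.

```powershell
# Added example (not from the thread): install a purchased wildcard certificate on an
# Exchange 2007 server from EMS and verify it before and after enabling it.
# Assumptions: the certificate plus private key was exported to the placeholder path
# below, and the connectors advertise a name under the placeholder domain abc.com.

$PfxPath       = 'C:\certs\wildcard.pfx'   # placeholder path to the exported PFX
$ConnectorFqdn = 'webmail.abc.com'         # placeholder FQDN advertised by the SMTP connector

# Hypothetical helper: does one of the certificate's names cover the connector FQDN?
# A wildcard entry covers exactly one label: *.abc.com covers webmail.abc.com,
# but not abc.com itself and not host.sub.abc.com.
function Test-NameCovered {
    param([string]$Fqdn, [string[]]$CertificateDomains)
    foreach ($d in $CertificateDomains) {
        if ($d -eq $Fqdn) { return $true }
        if ($d.StartsWith('*.')) {
            $parent = $d.Substring(2)
            $dot = $Fqdn.IndexOf('.')
            if ($dot -gt 0 -and $Fqdn.Substring($dot + 1) -eq $parent) { return $true }
        }
    }
    return $false
}

# 1. Record what is installed now, so the expired certificate can be told apart later.
Write-Host 'Certificates before import:'
Get-ExchangeCertificate | Format-Table Thumbprint, Services, IsSelfSigned, NotAfter, Subject -AutoSize

# 2. Import the PFX. Without the private key Exchange cannot use the certificate for TLS.
$pfxPassword = Read-Host -AsSecureString 'PFX password'
Import-ExchangeCertificate -Path $PfxPath -Password $pfxPassword

# 3. Locate the imported wildcard certificate ([*] matches a literal asterisk in -like).
$newCert = Get-ExchangeCertificate |
    Where-Object { $_.Subject -like '*CN=[*].abc.com*' -and -not $_.IsSelfSigned } |
    Sort-Object NotAfter -Descending | Select-Object -First 1
if ($newCert -eq $null) { throw 'Wildcard certificate not found after import.' }

# 4. Checks that catch the two usual causes of a TLS certificate error:
#    a name mismatch against the connector FQDN, and a certificate near or past expiry.
if (-not (Test-NameCovered $ConnectorFqdn $newCert.CertificateDomains)) {
    throw "Certificate names ($($newCert.CertificateDomains)) do not cover $ConnectorFqdn."
}
if ($newCert.NotAfter -lt (Get-Date).AddDays(30)) {
    Write-Warning "Certificate expires on $($newCert.NotAfter); renew before enabling it."
}

# 5. Enable it for the services that need it. SMTP covers TLS with other mail servers;
#    IIS covers OWA/ActiveSync/Autodiscover over HTTPS.
Enable-ExchangeCertificate -Thumbprint $newCert.Thumbprint -Services SMTP,IIS

# 6. Confirm the services now point at the new thumbprint.
Get-ExchangeCertificate -Thumbprint $newCert.Thumbprint | Format-List Thumbprint, Services, CertificateDomains, NotAfter

# 7. Only after step 6 succeeds, list expired certificates as removal candidates.
#    Event 12015 refers to the self-signed internal transport certificate; if that is the
#    expired one, renew it with New-ExchangeCertificate (as in the first answer) rather
#    than relying on the wildcard certificate alone, since inter-server direct trust uses it.
Write-Host 'Expired certificates (review before Remove-ExchangeCertificate -Thumbprint <id>):'
Get-ExchangeCertificate |
    Where-Object { $_.NotAfter -lt (Get-Date) -and $_.Thumbprint -ne $newCert.Thumbprint } |
    Format-Table Thumbprint, Services, IsSelfSigned, NotAfter, Subject -AutoSize
```

Run it in the Exchange Management Shell on the Hub Transport/Client Access server that logged the warning. The script deliberately prints the expired certificates instead of removing them, so that the default SMTP certificate is not deleted before a replacement is confirmed to be active.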
