Wild Card SSL Exchange 2007

Hi,
It is my understanding that IMAP and POP3 will NOT work with a wild card certificate installed on Exchange 2007. How can I use a wildcard certificate yet still use IMAP/POP?

Thanks
mxrider_420 asked:
 
Busbar (Solutions Architect) commented:
This is the certificate request cmdlet; remove mail.contoso.com and contoso.com and use *.contoso.com
 
Busbar (Solutions Architect) commented:
When you assign the certificate using the enable-exchangecertificate cmdlet, enable it for IIS only, not for POP3 and IMAP. For POP3 and IMAP, don't use a certificate, or you will have to order a certificate for them.
 
Satya Pathak (Lead Technical Consultant) commented:
 
mxrider_420 (Author) commented:
Thanks, so if I am not using IMAP or POP and still wish to use a wildcard I can do so? What commands do I issue to enroll the new wildcard and how do I revoke the old certificate?

Thanks.
 
Busbar (Solutions Architect) commented:
1- Yes you can.
2- You don't need to revoke the old certificate; assign the old wildcard certificate to the IIS service, and don't assign it to POP3 and IMAP.
If you want to use a certificate with POP3 and IMAP for host pop.domain.com, for example, then purchase a new certificate with the name pop.domain.com and assign it to the POP3 and IMAP service.
 
mxrider_420 (Author) commented:
Can you provide me a link on how to assign the certificate to the server minus the IMAP / POP? I see your last post and am cruising through it, but would you mind giving me an example: what the entire command would be if I got a new wildcard (as we are replacing our old single domain one with wildcard)?

i.e.: *.domain.com (without IMAP/POP)

Thanks
 
Busbar (Solutions Architect) commented:
First import the certificate to the local computer store.
Then
get-exchangecertificate
and note the thumbprint for your certificate.
Then enable-exchangecertificate.
It will ask you about the thumbprint; copy and paste it.
It will ask you about the service; just enter iis.
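
The steps in the comment above, written out as one Exchange Management Shell script. This is an added example, not code posted by anyone in the thread; it passes the thumbprint and service on the command line instead of answering the prompts. The PFX path and the domain.com name are assumed placeholders, and the lookup assumes the provider issued the certificate with the wildcard as its common name.

```powershell
# Run in the Exchange Management Shell on the Exchange 2007 server.
# Assumed values, not from the thread: the PFX path and the domain name.
$pfxPath  = 'C:\certs\wildcard-domain-com.pfx'   # hypothetical export of the issued wildcard cert + key
$wildcard = '*.domain.com'

# 1. Import the certificate into the local computer store.
$pfxPassword = Read-Host -Prompt 'PFX password' -AsSecureString
Import-ExchangeCertificate -Path $pfxPath -Password $pfxPassword | Out-Null

# 2. Look up the thumbprint instead of copying it by hand.
#    If several certificates carry the wildcard name, take the one expiring last.
$cert = Get-ExchangeCertificate |
    Where-Object { $_.Subject.ToLower().Contains("cn=$wildcard") } |
    Sort-Object NotAfter -Descending |
    Select-Object -First 1
if (-not $cert) { throw "No certificate with CN=$wildcard found in the local computer store." }

# 3. Bind it to IIS only. Passing -Services on the command line skips the
#    interactive prompt; POP and IMAP are deliberately not listed.
Enable-ExchangeCertificate -Thumbprint $cert.Thumbprint -Services IIS

# 4. Verify the result: the wildcard must not be attached to POP or IMAP.
$check = Get-ExchangeCertificate -Thumbprint $cert.Thumbprint
$check | Format-List Subject, Thumbprint, Services, NotAfter
if ("$($check.Services)" -match 'POP|IMAP') {
    Write-Warning "Wildcard certificate is also enabled for POP/IMAP: $($check.Services)"
}
```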
 
mxrider_420 (Author) commented:
Is this more along the lines of what needs to be done?
New-Exchangecertificate -domainname mail.contoso.com, contoso.com, contoso.local, autodiscover.contoso.com, server01.contoso.local, server01 -Friendlyname contosoinc -generaterequest:$true -keysize 1024 -path c:\certrequest.req -privatekeyexportable:$true -subjectname "c=US, o=contoso inc, CN=server01.contoso.com"
 
mxrider_420 (Author) commented:
What defines friendly name? For example, if my server is called mail.domain.local inside and mail.domain.com outside, and if server FQDN is mail, what would the above command look like? Would you need an autodiscovery record or can you just use the *.domain.com method discussed, and would this also work for msstd:*.domain.com?

Thank you very much.
 
Busbar (Solutions Architect) commented:
*.domain.com means any name.domain.com.
For the common name, mail.domain.com is fine.
 
mxrider_420 (Author) commented:
Sorry, I apologize for my ignorance but I'm confused. When using a wildcard, don't you just use *.domain.com everywhere rather than a name.domain.com as if you had a non-wildcard SSL?
 
Busbar (Solutions Architect) commented:
Well, you have to refer to the 3rd party certificate provider; some of them accept *.domain.com as a common name, others don't.
Question has a verified solution.