Wild Card SSL Exchange 2007

Hi,
It is my understanding that IMAP and POP3 will NOT work with a wildcard certificate installed on Exchange 2007. How can I use a wildcard certificate yet still use IMAP/POP?

Thanks
mxrider_420 Asked:

Busbar (Solutions Architect) Commented:
When you assign the certificate using the Enable-ExchangeCertificate cmdlet, enable it for IIS only, not for POP3 and IMAP. For POP3 and IMAP, don't use a certificate, or you will have to order a certificate for them.
0
Satya Pathak (Lead Technical Consultant) Commented:
0
mxrider_420 (Author) Commented:
Thanks, so if I am not using IMAP or POP and still wish to use a wildcard, I can do so? What commands do I issue to enroll the new wildcard, and how do I revoke the old certificate?

thanks.
0
Busbar (Solutions Architect) Commented:
1- Yes you can.
2- You don't need to revoke the old certificate; assign the old wild certificate to the IIS service, and don't assign it to POP3 and IMAP.
If you want to use a certificate with POP3 and IMAP for host pop.domain.com, for example, then purchase a new certificate with the name pop.domain.com and assign it to the POP3 and IMAP service.
0
mxrider_420 (Author) Commented:
Can you provide me a link on how to assign the certificate to the server minus the IMAP / POP? I see your last post and am cruising through it, but would you mind giving me an example of what the entire command would be if I got a new wildcard (as we are replacing our old single-domain one with a wildcard)?

i.e.: *.domain.com  (without IMAP/POP)

thanks

0
Busbar (Solutions Architect) Commented:
First import the certificate to the local computer store.
Then
get-exchangecertificate
and note the thumbprint for your certificate.
Then enable-exchangecertificate
It will ask you about the thumbprint; copy and paste it.
It will ask you about the service; just enter iis.
0
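The steps from the answer above, put together as an added example (not part of the original thread and not the poster's own commands). The file path is an assumed placeholder, and the certificate is assumed to be the CA's response to a request generated on this same server.

```powershell
# Run in the Exchange Management Shell on the Exchange 2007 server.
# ASSUMPTION: hypothetical path to the certificate file returned by the CA.
$certFile = 'C:\certs\wildcard.cer'

# 1. Import the issued certificate into the local computer store.
#    The cmdlet returns the imported certificate, so the thumbprint
#    does not have to be copied by hand.
$cert = Import-ExchangeCertificate -Path $certFile

# 2. The private key must be present, which is only the case when the
#    request was generated on this server (or a PFX was imported).
if (-not $cert.HasPrivateKey) {
    Write-Warning "Certificate $($cert.Thumbprint) has no private key; not enabling it."
    return
}

# 3. Bind the certificate to IIS only. IMAP and POP are deliberately
#    left out of -Services, as the answer recommends.
Enable-ExchangeCertificate -Thumbprint $cert.Thumbprint -Services IIS

# 4. Verify the result: the new certificate should list IIS and
#    neither IMAP nor POP under Services.
$after = Get-ExchangeCertificate -Thumbprint $cert.Thumbprint
if ("$($after.Services)" -match 'IMAP|POP') {
    Write-Warning "Certificate is also bound to: $($after.Services)"
}

# Show every installed certificate with its bindings and expiry date.
Get-ExchangeCertificate |
    Format-List Thumbprint, Subject, CertificateDomains, Services, NotAfter
```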
mxrider_420 (Author) Commented:
Is this more along the lines of what needs to be done?
New-Exchangecertificate -domainname mail.contoso.com, contoso.com, contoso.local, autodiscover.contoso.com, server01.contoso.local, server01 -Friendlyname contosoinc -generaterequest:$true -keysize 1024 -path c:\certrequest.req -privatekeyexportable:$true -subjectname "c=US, o=contoso inc, CN=server01.contoso.com"
0
Busbar (Solutions Architect) Commented:
This is the certificate request cmdlet; remove mail.contoso.com and contoso.com and use *.contoso.com.
0

mxrider_420 (Author) Commented:
What defines friendly name? For example, if my server is called mail.domain.local inside and mail.domain.com outside, and if the server FQDN is mail, what would the above command look like? Would you need an autodiscovery record, or can you just use the *.domain.com method discussed, and would this also work for msstd:*.domain.com?

thank you very much.
0
Busbar (Solutions Architect) Commented:
*.domain.com means any name.domain.com.
For the common name, mail.domain.com is fine.
0
mxrider_420 (Author) Commented:
Sorry, I apologize for my ignorance, but I'm confused. When using a wildcard, don't you just use *.domain.com everywhere rather than a name.domain.com as if you had a non-wildcard SSL?
0
Busbar (Solutions Architect) Commented:
Well, you have to refer to the 3rd party certificate provider; some of them accept *.domain.com as a common name, others don't.
0