Solved

Problems installing (and using) U.C.C. (SAN) certificate with Exchange 2007

Posted on 2010-08-25
7
338 Views
Last Modified: 2012-05-10
I am having a problem using a newly-purchased Godaddy UCC Certificate.  I went through the normal process of generating the request, etc...

Long story short: I have imported the certificate onto the server and added it to Exchange (with SMTP,POP,IIS,IMAP for the installed services.)  It asked me if I wanted to overwrite the previous certificate and I chose "y" for "Yes" (duh) however the old certificate which is also disabled for all services is still showing up as the current cert when I try to test the certificate.

Yes, I have restarted IIS and Exchange.  (Did not help)

It looks like (below) that two certs are configured for the same services (the Godaddy one and the self-generated one)

The FIRST certificate listed below (E89F...) is the Godaddy cert that I want to use.

[PS] C:\Windows\System32>get-exchangecertificate

Thumbprint                                Services   Subject
----------                                --------   -------
E89F38CA7D91CCC78C214A951AFF3624FC688E91  IP.WS      CN=remote.domain.com, O...
16D96EF84F27808E705D0BFA36BF726FD5C9CA02  .....      C=US, S=Georgia, L=Some..
B99A2C38F46F2004A89E2604E212FA8BC588D795  .....      C=US, S=Georgia, L=Some...
5D39D4E7CC21EF829D7603351225046B2AE2A9F6  .....      C=US, S=Georgia, L=Some...
24AB1CC7FA72DD8F81214BB8F0C53FF5979EAA98  .....      C=US, S=Georgia, L=Some...
72AE3C32E55F7A6157E104708C2EDC7995E7C86F  IP.WS      CN=remote.domain.com
94E1CFF5D654959310E8B4B8BA49FD6D05BBB61D  .....      CN=WMSvc-WIN-OQ0B0X3O644
53FB184CADA06C373AFCC8041AE6F3F63BD4F494  ....S      CN=ACCO-SS.domain.local
9E062B36717F306766F9607E276459D0470416FE  ....S      CN=Sites
24A4DCF4EDAB19546AEFDBC6D5A0F070E17981F5  .....      CN=acco-ACCO-SS-CA

I've also tried using www.testexchangeconnectivity.com to no avail.

I am not sure what I'm missing here.

At this point, I would make this question 500k points if I could :~)
0
Comment
Question by:PC-Gear
7 Comments
 
LVL 34

Expert Comment

by:Shreedhar Ette
Comment Utility
Hi,

Refer this article:
http://help.godaddy.com/article/4877

Hope this helps,
Shree
0
 
LVL 8

Expert Comment

by:beechy_
Comment Utility
enable-exchangecertificate -thumbprint "thumbprint of old cert you want to remove" -services none
0
 
LVL 19

Accepted Solution

by:
R--R earned 500 total points
Comment Utility
Check in the IIS if you have bind the imported certificate. If not then bind it.
0
Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

 
LVL 19

Expert Comment

by:R--R
Comment Utility
0
 
LVL 5

Expert Comment

by:DanMar
Comment Utility
Hi PcGear,
I have followed this wizard with full instructions and never had an issue:
https://www.digicert.com/easy-csr/exchange2007.htm
Full Shell commands listed etc. Let us know how you go?
0
 

Author Closing Comment

by:PC-Gear
Comment Utility
Ahhh.  It was still bound to the other one in IIS.  I had only removed the services for the certificate.  
0
 

Author Comment

by:PC-Gear
Comment Utility
Thanks R--R.

And thanks for all of the quick reponses.

Now the only other problem I'm having is regarding RPC:

This excerpt is from: www.testexchangeconnectivity.com:

Attempting to Ping RPC Proxy remote.domain.com
  RPC Proxy can't be pinged.
   Additional Details
  A Web Exception occurred because an HTTP 401 - Unauthorized response was received from Unknown

I guess I'll post this again in the proper forum.




0

Featured Post

Do email signature updates give you a headache?

Constantly trying to correctly format email signatures? Spending all of your time at every user’s desk to make updates? Want high-quality HTML signatures on all devices, including on mobiles and Macs? Then, let Exclaimer solve all your email signature problems today!

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
SSL Certificate Renewal with Exchange 2010 9 27
Link SQL table to Webpage 9 34
outlook 15 42
Hide External contact 13 25
Easy CSR creation in Exchange 2007,2010 and 2013
This article explains in simple steps how to renew expiring Exchange Server Internal Transport Certificate.
In this video we show how to create an Address List in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Organization >> Ad…
In this video we show how to create an email address policy in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Mail Flow…

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now