
Get-ExchangeCertificate

Hi,


When I run Get-ExchangeCertificate | fl, I receive 2 certificates that have services enabled and status valid. Which of them is the true owner?



AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessR
                     ule, System.Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {fake_exchange_server, fake_exchange_server.local}
HasPrivateKey      : True
IsSelfSigned       : True
Issuer             : CN=fake_exchange_server
NotAfter           : 25/08/2015 10:44:35
NotBefore          : 25/08/2010 10:44:35
PublicKeySize      : 2048
RootCAType         : None
SerialNumber       : 3B39F4022F97C892419A55452825B1A9
Services           : IMAP, POP, SMTP
Status             : Valid
Subject            : CN=fake_exchange_server
Thumbprint         : 61FF19635CCF0567786A551F02507B26302D3A08

AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessR
                     ule, System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAcc
                     essRule}
CertificateDomains : {fake_exchange_server, fake_exchange_server.local}
HasPrivateKey      : True
IsSelfSigned       : True
Issuer             : CN=fake_exchange_server
NotAfter           : 24/07/2015 18:34:15
NotBefore          : 24/07/2010 18:34:15
PublicKeySize      : 2048
RootCAType         : None
SerialNumber       : 7BBA4CD6C5038C894B8A92D7D321CC5D
Services           : IMAP, POP, IIS, SMTP
Status             : Valid
Subject            : CN=fake_exchange_server
Thumbprint         : 5FD2D929AA9FE7A1B8083AD15A2AED2039A038A0

Thank you

Racy
 
endital1097 Commented:
5FD2D929AA9FE7A1B8083AD15A2AED2039A038A0 is the only certificate servicing IIS

I would remove any certificate not in use
 
decioracy (Author) Commented:
Hi,

IIS for sure ;)

What about Services : IMAP, POP, SMTP?
 
endital1097 Commented:
you can have multiple for IMAP and POP
it should not allow multiple for SMTP

if you are not getting certificate warnings or errors for OWA, I would remove the cert with thumbprint = 61FF19635CCF0567786A551F02507B26302D3A08
 
decioracy (Author) Commented:
Hi,
Thank you

I need a command to see what certificate is answering for IMAP, POP, SMTP ... because I must be sure before doing anything
 
endital1097 Commented:
your other cert is per your initial post
 
decioracy (Author) Commented:
Yes, but I didn't do that... Someone did, and he was fired... I don't know if he changed anything... so I need a command to see what certificate is answering for IMAP, POP, SMTP
 
endital1097 Commented:
get-exchangecertificate | fl cert*,services,thumb*
 
decioracy (Author) Commented:
Hi,

Thank you for your reply, but it gave me almost the same information

 
endital1097 Commented:
that was expected
as I stated, the cert handling IIS is the good cert as long as users are not getting cert errors
 
e_aravind Commented:
For POP3 and IMAP4:
In PowerShell, type Get-PopSettings or Get-ImapSettings and check the X509CertificateName attribute. This will have the FQDN which is listed in the Subject of the certificate.
 
decioracy (Author) Commented:
This solves all or part of my problem.
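
One way to settle the question asked in this thread, which certificate each service is actually answering with, is to connect to each listener and read the certificate it presents. This is an added example, not part of the original thread; the function name Get-PresentedCertificate, the EHLO client name and the default ports 993, 995, 443 and 25 are assumptions.

```powershell
# Added example (not from the thread): show the certificate a TLS listener presents.
function Get-PresentedCertificate {
    param(
        [Parameter(Mandatory=$true)][string]$Server,
        [Parameter(Mandatory=$true)][int]$Port,
        [switch]$SmtpStartTls   # plaintext SMTP port that upgrades with STARTTLS
    )
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $client.Connect($Server, $Port)
        $stream = $client.GetStream()
        if ($SmtpStartTls) {
            $reader = New-Object System.IO.StreamReader($stream)
            $writer = New-Object System.IO.StreamWriter($stream)
            $writer.NewLine = "`r`n"
            $writer.AutoFlush = $true
            # SMTP replies may span lines; continuation lines have '-' after the code.
            $readReply = { do { $l = $reader.ReadLine() } while ($l -and $l[3] -eq '-'); $l }
            $null = & $readReply                         # 220 greeting
            $writer.WriteLine('EHLO certcheck.invalid')  # assumed client name
            $null = & $readReply                         # 250 capability list
            $writer.WriteLine('STARTTLS')
            $reply = & $readReply
            if ($reply -notlike '220*') { throw "STARTTLS refused on port ${Port}: $reply" }
        }
        # Accept any chain: the goal is to inspect a self-signed cert, not to trust it.
        $acceptAll = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
        $ssl = New-Object System.Net.Security.SslStream($stream, $false, $acceptAll)
        $ssl.AuthenticateAsClient($Server)
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        New-Object PSObject -Property @{
            Port       = $Port
            Subject    = $cert.Subject
            NotAfter   = $cert.NotAfter
            Thumbprint = $cert.Thumbprint
        }
    }
    finally { $client.Close() }
}

# Host name as shown in the post's output; ports are the protocol defaults (assumed).
$server = 'fake_exchange_server.local'
Get-PresentedCertificate -Server $server -Port 993                # IMAP over TLS
Get-PresentedCertificate -Server $server -Port 995                # POP3 over TLS
Get-PresentedCertificate -Server $server -Port 443                # IIS (OWA)
Get-PresentedCertificate -Server $server -Port 25 -SmtpStartTls   # SMTP
```

Compare each returned Thumbprint with the Thumbprint values in the Get-ExchangeCertificate output; a certificate whose thumbprint no listener presents is the candidate for removal.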