Solved

Restore default self-signed certificates to Exchange 2010

Posted on 2011-03-10
4
3,769 Views
Last Modified: 2012-12-06
I've screwed up badly and need some help.

We've been up and running with Exchange 2010 for a few weeks using a godaddy certificate in addition the the self-signed certificates that came with Exchange 2010 as installed on SBS 2011.  Today, I tried to set another site up to use the server using POP/SMTP + SSL.  It was working a few hours ago, but Exchange was still presenting the self-signed cert instead of the godaddy cert, and the Outlook clients were complaining about it (but working).  Since I could see the godaddy cert in Exchange management console, and it showed to be associated with IMAP, POP, SMTP, and IIS, I removed the two other default certs that were associated with SMTP and/or POP.  Now, I can't access Outlook Web Access or POP over SSL at all, but Exchange native mode still works, and Exchange via HTTP proxy still works.

Explaining the depths of my stupidity here would take too much time.  Basically, what I want to do is get Exchange back to its default cert config.  A screenshot would be helpful as would any other more specific instructions.
0
Comment
Question by:garrun
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 

Author Comment

by:garrun
ID: 35107758
I brought up a clean install of SBS2011/Exchange in a virtual machine, and it looks like the certificate that is missing is of the format: Subject CN=SITES, Issuer CN=domain-server-ca.  Any tips on how to re-add that certificate?
0
 
LVL 8

Accepted Solution

by:
praveenkumare_sp earned 500 total points
ID: 35110822
go to start >run and type mmc

in the opened console select file Add/remove snapin >select cert  > select my computer option in it

once that done see whether u see the certificate in the Personal store

if not run the below command to create a new certificate in the Exchange shell

New-ExchangeCertificate "c=ES, o=Diversión de Bicicleta, cn=mail1. DiversiondeBicicleta.com" -DomainName woodgrove.com, example.com -PrivateKeyExportable $true

and enable the same for IIS service
using the command
Enable-exchangeCertificate -thumbprint <thumbpstring> -services IIS,SMTP,POP,IMAP
0
 
LVL 8

Expert Comment

by:praveenkumare_sp
ID: 35110828
let me know if u have any quries
0
 

Expert Comment

by:jttech
ID: 38666419
OK now Im confused, can you tell me what you mean by DomainName since this is an internal certificate. SO in our case "c-CA, o=Manufacturing, cn=<servername>.<external domain name>"-DomainName <internal domain name>, <external domain name> -PrivateKeyExportable $true
Is this then my format I should use?
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article explains how to install and use the NTBackup utility that comes with Windows Server.
If you troubleshoot Outlook for clients, you may want to know a bit more about the OST file before doing your next job. IMAP can cause a lot of drama if removed in the accounts without backing up.
In this video we show how to create a Resource Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: Navigate to the Recipients >> Resources tab.: "Recipients" is our default selection …
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager
Suggested Courses
Course of the Month6 days, 21 hours left to enroll

622 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question