Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 3940
  • Last Modified:

Restore default self-signed certificates to Exchange 2010

I've screwed up badly and need some help.

We've been up and running with Exchange 2010 for a few weeks using a godaddy certificate in addition the the self-signed certificates that came with Exchange 2010 as installed on SBS 2011.  Today, I tried to set another site up to use the server using POP/SMTP + SSL.  It was working a few hours ago, but Exchange was still presenting the self-signed cert instead of the godaddy cert, and the Outlook clients were complaining about it (but working).  Since I could see the godaddy cert in Exchange management console, and it showed to be associated with IMAP, POP, SMTP, and IIS, I removed the two other default certs that were associated with SMTP and/or POP.  Now, I can't access Outlook Web Access or POP over SSL at all, but Exchange native mode still works, and Exchange via HTTP proxy still works.

Explaining the depths of my stupidity here would take too much time.  Basically, what I want to do is get Exchange back to its default cert config.  A screenshot would be helpful as would any other more specific instructions.
0
garrun
Asked:
garrun
  • 2
1 Solution
 
garrunAuthor Commented:
I brought up a clean install of SBS2011/Exchange in a virtual machine, and it looks like the certificate that is missing is of the format: Subject CN=SITES, Issuer CN=domain-server-ca.  Any tips on how to re-add that certificate?
0
 
praveenkumare_spCommented:
go to start >run and type mmc

in the opened console select file Add/remove snapin >select cert  > select my computer option in it

once that done see whether u see the certificate in the Personal store

if not run the below command to create a new certificate in the Exchange shell

New-ExchangeCertificate "c=ES, o=DiversiĆ³n de Bicicleta, cn=mail1. DiversiondeBicicleta.com" -DomainName woodgrove.com, example.com -PrivateKeyExportable $true

and enable the same for IIS service
using the command
Enable-exchangeCertificate -thumbprint <thumbpstring> -services IIS,SMTP,POP,IMAP
0
 
praveenkumare_spCommented:
let me know if u have any quries
0
 
jttechCommented:
OK now Im confused, can you tell me what you mean by DomainName since this is an internal certificate. SO in our case "c-CA, o=Manufacturing, cn=<servername>.<external domain name>"-DomainName <internal domain name>, <external domain name> -PrivateKeyExportable $true
Is this then my format I should use?
0

Featured Post

Veeam Disaster Recovery in Microsoft Azure

Veeam PN for Microsoft Azure is a FREE solution designed to simplify and automate the setup of a DR site in Microsoft Azure using lightweight software-defined networking. It reduces the complexity of VPN deployments and is designed for businesses of ALL sizes.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now