Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Restore default self-signed certificates to Exchange 2010

Posted on 2011-03-10
4
Medium Priority
?
3,866 Views
Last Modified: 2012-12-06
I've screwed up badly and need some help.

We've been up and running with Exchange 2010 for a few weeks using a godaddy certificate in addition the the self-signed certificates that came with Exchange 2010 as installed on SBS 2011.  Today, I tried to set another site up to use the server using POP/SMTP + SSL.  It was working a few hours ago, but Exchange was still presenting the self-signed cert instead of the godaddy cert, and the Outlook clients were complaining about it (but working).  Since I could see the godaddy cert in Exchange management console, and it showed to be associated with IMAP, POP, SMTP, and IIS, I removed the two other default certs that were associated with SMTP and/or POP.  Now, I can't access Outlook Web Access or POP over SSL at all, but Exchange native mode still works, and Exchange via HTTP proxy still works.

Explaining the depths of my stupidity here would take too much time.  Basically, what I want to do is get Exchange back to its default cert config.  A screenshot would be helpful as would any other more specific instructions.
0
Comment
Question by:garrun
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 

Author Comment

by:garrun
ID: 35107758
I brought up a clean install of SBS2011/Exchange in a virtual machine, and it looks like the certificate that is missing is of the format: Subject CN=SITES, Issuer CN=domain-server-ca.  Any tips on how to re-add that certificate?
0
 
LVL 8

Accepted Solution

by:
praveenkumare_sp earned 2000 total points
ID: 35110822
go to start >run and type mmc

in the opened console select file Add/remove snapin >select cert  > select my computer option in it

once that done see whether u see the certificate in the Personal store

if not run the below command to create a new certificate in the Exchange shell

New-ExchangeCertificate "c=ES, o=Diversión de Bicicleta, cn=mail1. DiversiondeBicicleta.com" -DomainName woodgrove.com, example.com -PrivateKeyExportable $true

and enable the same for IIS service
using the command
Enable-exchangeCertificate -thumbprint <thumbpstring> -services IIS,SMTP,POP,IMAP
0
 
LVL 8

Expert Comment

by:praveenkumare_sp
ID: 35110828
let me know if u have any quries
0
 

Expert Comment

by:jttech
ID: 38666419
OK now Im confused, can you tell me what you mean by DomainName since this is an internal certificate. SO in our case "c-CA, o=Manufacturing, cn=<servername>.<external domain name>"-DomainName <internal domain name>, <external domain name> -PrivateKeyExportable $true
Is this then my format I should use?
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A couple of months ago we ran into an issue that necessitated re-creating our Edge Subscriptions. However, when we attempted to execute the command: New-EdgeSubscription -filename C:\NewEdgeSub_01.xml we received an error indicating that the LDAP se…
Are you an Exchange administrator employed with an organization? And, have you encountered a corrupt Exchange database due to which you are not able to open its EDB file. This article will explain all the steps to repair corrupt Exchange database.
In this video we show how to create a Resource Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: Navigate to the Recipients >> Resources tab.: "Recipients" is our default selection …
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…
Suggested Courses

715 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question