Solved

Restore default self-signed certificates to Exchange 2010

Posted on 2011-03-10
4
3,708 Views
Last Modified: 2012-12-06
I've screwed up badly and need some help.

We've been up and running with Exchange 2010 for a few weeks using a godaddy certificate in addition the the self-signed certificates that came with Exchange 2010 as installed on SBS 2011.  Today, I tried to set another site up to use the server using POP/SMTP + SSL.  It was working a few hours ago, but Exchange was still presenting the self-signed cert instead of the godaddy cert, and the Outlook clients were complaining about it (but working).  Since I could see the godaddy cert in Exchange management console, and it showed to be associated with IMAP, POP, SMTP, and IIS, I removed the two other default certs that were associated with SMTP and/or POP.  Now, I can't access Outlook Web Access or POP over SSL at all, but Exchange native mode still works, and Exchange via HTTP proxy still works.

Explaining the depths of my stupidity here would take too much time.  Basically, what I want to do is get Exchange back to its default cert config.  A screenshot would be helpful as would any other more specific instructions.
0
Comment
Question by:garrun
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 

Author Comment

by:garrun
ID: 35107758
I brought up a clean install of SBS2011/Exchange in a virtual machine, and it looks like the certificate that is missing is of the format: Subject CN=SITES, Issuer CN=domain-server-ca.  Any tips on how to re-add that certificate?
0
 
LVL 8

Accepted Solution

by:
praveenkumare_sp earned 500 total points
ID: 35110822
go to start >run and type mmc

in the opened console select file Add/remove snapin >select cert  > select my computer option in it

once that done see whether u see the certificate in the Personal store

if not run the below command to create a new certificate in the Exchange shell

New-ExchangeCertificate "c=ES, o=Diversión de Bicicleta, cn=mail1. DiversiondeBicicleta.com" -DomainName woodgrove.com, example.com -PrivateKeyExportable $true

and enable the same for IIS service
using the command
Enable-exchangeCertificate -thumbprint <thumbpstring> -services IIS,SMTP,POP,IMAP
0
 
LVL 8

Expert Comment

by:praveenkumare_sp
ID: 35110828
let me know if u have any quries
0
 

Expert Comment

by:jttech
ID: 38666419
OK now Im confused, can you tell me what you mean by DomainName since this is an internal certificate. SO in our case "c-CA, o=Manufacturing, cn=<servername>.<external domain name>"-DomainName <internal domain name>, <external domain name> -PrivateKeyExportable $true
Is this then my format I should use?
0

Featured Post

Office 365 Training for IT Pros

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

MS Outlook is a world-class email client application that is mainly used for e-communication globally.  In this article, we will discuss the basic idea about MS Outlook, its advanced features, and types of MS Outlook File formats.
How to resolve IMCEAEX NDRs in Exchange or Exchange Online related to invalid X500 addresses.
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates‚Ķ
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question