Solved

Restore default self-signed certificates to Exchange 2010

Posted on 2011-03-10
4
3,482 Views
Last Modified: 2012-12-06
I've screwed up badly and need some help.

We've been up and running with Exchange 2010 for a few weeks using a godaddy certificate in addition the the self-signed certificates that came with Exchange 2010 as installed on SBS 2011.  Today, I tried to set another site up to use the server using POP/SMTP + SSL.  It was working a few hours ago, but Exchange was still presenting the self-signed cert instead of the godaddy cert, and the Outlook clients were complaining about it (but working).  Since I could see the godaddy cert in Exchange management console, and it showed to be associated with IMAP, POP, SMTP, and IIS, I removed the two other default certs that were associated with SMTP and/or POP.  Now, I can't access Outlook Web Access or POP over SSL at all, but Exchange native mode still works, and Exchange via HTTP proxy still works.

Explaining the depths of my stupidity here would take too much time.  Basically, what I want to do is get Exchange back to its default cert config.  A screenshot would be helpful as would any other more specific instructions.
0
Comment
Question by:garrun
  • 2
4 Comments
 

Author Comment

by:garrun
ID: 35107758
I brought up a clean install of SBS2011/Exchange in a virtual machine, and it looks like the certificate that is missing is of the format: Subject CN=SITES, Issuer CN=domain-server-ca.  Any tips on how to re-add that certificate?
0
 
LVL 8

Accepted Solution

by:
praveenkumare_sp earned 500 total points
ID: 35110822
go to start >run and type mmc

in the opened console select file Add/remove snapin >select cert  > select my computer option in it

once that done see whether u see the certificate in the Personal store

if not run the below command to create a new certificate in the Exchange shell

New-ExchangeCertificate "c=ES, o=Diversión de Bicicleta, cn=mail1. DiversiondeBicicleta.com" -DomainName woodgrove.com, example.com -PrivateKeyExportable $true

and enable the same for IIS service
using the command
Enable-exchangeCertificate -thumbprint <thumbpstring> -services IIS,SMTP,POP,IMAP
0
 
LVL 8

Expert Comment

by:praveenkumare_sp
ID: 35110828
let me know if u have any quries
0
 

Expert Comment

by:jttech
ID: 38666419
OK now Im confused, can you tell me what you mean by DomainName since this is an internal certificate. SO in our case "c-CA, o=Manufacturing, cn=<servername>.<external domain name>"-DomainName <internal domain name>, <external domain name> -PrivateKeyExportable $true
Is this then my format I should use?
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Find out how to use Active Directory data for email signature management in Microsoft Exchange and Office 365.
Learn to move / copy / export exchange contacts to iPhone without using any software. Also see the issues in configuration of exchange with iPhone to migrate contacts.
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now