Link to home
Create AccountLog in
Avatar of Terrymac_Computer_Guy
Terrymac_Computer_Guy

asked on

Exchange 2007 certificate not showing Services

When I look at the certificates in our exchange server they don't show the services.
Our certificate expired and need to create a new one.

I tried adding the service smtp and the command looks like it completes but when I look at the certificates again it still doesn't show the services. Need help to find out why and get it fixed.

Here is an example below of the newly created one.
AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System
                     .Security.AccessControl.CryptoKeyAccessRule, System.Securi
                     ty.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {mail.company.com, Server1, server1.company.com, autodiscover.company.com}
HasPrivateKey      : True
IsSelfSigned       : True
Issuer             : CN=mail.company.com
NotAfter           : 11/7/2012 10:23:59 PM
NotBefore          : 11/7/2011 10:23:59 PM
PublicKeySize      : 2048
SerialNumber       : 9D65FEF7ABC72BBE4FF2D91E7EFA1E77
Status             : Valid
Subject            : CN=mail.company.com
Thumbprint         : E50391550CB4F91FF15B65D15D237B642602CA7B
Avatar of Adam Brown
Adam Brown
Flag of United States of America image

Which cmdlet are you using to get that output?
Avatar of Terrymac_Computer_Guy
Terrymac_Computer_Guy

ASKER

Get-ExchangeCertificate | List
Try this:
get-exchangecertificate | %{$_.services}
If it doesn't return any output, you might have some permissions issues.
it returns
IMAP, POP, IIS, SMTP
IMAP, POP, SMTP
SMTP
The Outlook clients are popping up a certificate warning message still. The original certificate expired.

If I go ahead and select view certificates and install new certificate at the Outlook client it received the new certificate with a warning about trusting any certificate from the server name. And then the popup error goes away and appears to work normally.

Isn't the new certificate done at the server suppose to take care of this trusting and the need to install at the Outlook client not necessary?
When I try and open up the Nicrosoft Certificate Services I get an error The specified services does not exist as an installed service on this server.

Its a Server 2003 x64 edition with exchange 2007
Have you removed the old certificate yet?
No I believe its still there expired on Nov 5th, 2011.

However there was another gentleman who tried following steps to install a certificate before I got here. Not sure if he deleted any.
You'll definitely want to remove the old one if it's there still. That might be part of your problem.
All the documentation I've read say to make sure the new certificate is working before removing the old. Can you send a link showing how removing the old is necessary before the new will take over?

Also its strange the outlook client sees the new cert but does not trust it automatically. Any thoughts on this?
ASKER CERTIFIED SOLUTION
Avatar of Terrymac_Computer_Guy
Terrymac_Computer_Guy

Link to home
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
See answer
Have not figured it out and went with the work around of importing the certificate at each workstation.